From 0aa45bed65f544e68e0d38f255da005b3ce9fddf Mon Sep 17 00:00:00 2001 From: Andrew Scull Date: Wed, 6 Sep 2017 17:53:25 +0100 Subject: [PATCH] Policy transparency when DISALLOW_FACTORY_RESET prevents OEM unlock. If an admin has set the DISALLOW_FACTORY_RESET user restriction, OEM unlock is also restricted. If this is the case, it should be explained to the user that the admin is preventing the OEM unlock. DISALLOW_OEM_UNLOCK is deprecated and now managed by OemLockManager. This restriction is also one set by the carrier, not an admin. Test: RunSettingsRoboTests Test: CTS verifier test from the bug Bug: 65124732 Change-Id: I8bde87a522742a7cbda006eee17c2a19797b1835 --- .../settings/development/DevelopmentSettings.java | 20 ++++++++++++++------ .../src/android/service/oemlock/OemLockManager.java | 3 --- 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/src/com/android/settings/development/DevelopmentSettings.java b/src/com/android/settings/development/DevelopmentSettings.java index 4df72e6ce2..b32b1419ab 100644 --- a/src/com/android/settings/development/DevelopmentSettings.java +++ b/src/com/android/settings/development/DevelopmentSettings.java @@ -53,6 +53,7 @@ import android.os.RemoteException; import android.os.ServiceManager; import android.os.StrictMode; import android.os.SystemProperties; +import android.os.UserHandle; import android.os.UserManager; import android.os.storage.IStorageManager; import android.provider.SearchIndexableResource; @@ -1025,8 +1026,19 @@ public class DevelopmentSettings extends RestrictedSettingsFragment return context.getSystemService(Context.OEM_LOCK_SERVICE) != null; } + /** + * Returns whether OEM unlock is allowed by the user and carrier. + * + * This does not take into account any restrictions imposed by the device policy. + */ + private boolean isOemUnlockAllowedByUserAndCarrier() { + final UserHandle userHandle = UserHandle.of(UserHandle.myUserId()); + return mOemLockManager.isOemUnlockAllowedByCarrier() + && !mUm.hasBaseUserRestriction(UserManager.DISALLOW_FACTORY_RESET, userHandle); + } + private boolean enableOemUnlockPreference() { - return !isBootloaderUnlocked() && mOemLockManager.canUserAllowOemUnlock(); + return !isBootloaderUnlocked() && isOemUnlockAllowedByUserAndCarrier(); } private void updateOemUnlockOptions() { @@ -1040,10 +1052,6 @@ public class DevelopmentSettings extends RestrictedSettingsFragment // Check restriction, disable mEnableOemUnlock and apply policy transparency. mEnableOemUnlock.checkRestrictionAndSetDisabled(UserManager.DISALLOW_FACTORY_RESET); } - if (mEnableOemUnlock.isEnabled()) { - // Check restriction, disable mEnableOemUnlock and apply policy transparency. - mEnableOemUnlock.checkRestrictionAndSetDisabled(UserManager.DISALLOW_OEM_UNLOCK); - } } } @@ -2568,7 +2576,7 @@ public class DevelopmentSettings extends RestrictedSettingsFragment oemUnlockSummary = R.string.oem_unlock_enable_disabled_summary_bootloader_unlocked; } else if (isSimLockedDevice()) { oemUnlockSummary = R.string.oem_unlock_enable_disabled_summary_sim_locked_device; - } else if (!mOemLockManager.canUserAllowOemUnlock()) { + } else if (!isOemUnlockAllowedByUserAndCarrier()) { // If the device isn't SIM-locked but OEM unlock is disallowed by some party, this // means either some other carrier restriction is in place or the device hasn't been // able to confirm which restrictions (SIM-lock or otherwise) apply. diff --git a/tests/robotests/src/android/service/oemlock/OemLockManager.java b/tests/robotests/src/android/service/oemlock/OemLockManager.java index 7c015cf505..c168089be4 100644 --- a/tests/robotests/src/android/service/oemlock/OemLockManager.java +++ b/tests/robotests/src/android/service/oemlock/OemLockManager.java @@ -32,9 +32,6 @@ public class OemLockManager { return false; } - public boolean canUserAllowOemUnlock() { - return true; - } public boolean isOemUnlockAllowed() { return false; } -- 2.11.0