From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Tsung-Mao Fang Date: Mon, 3 Jan 2022 18:25:04 +0800 Subject: [PATCH] FRP bypass defense in the settings app Over the last few years, there have been a number of Factory Reset Protection bypass bugs in the SUW flow. It's unlikely to defense all points from individual apps. Therefore, we decide to block some critical pages when user doesn't complete the SUW flow. Test: Can't open the certain pages in the suw flow. Bug: 258422561 Fix: 200746457 Bug: 202975040 Fix: 213091525 Fix: 213090835 Fix: 201561699 Fix: 213090827 Fix: 213090875 Change-Id: Ia18f367109df5af7da0a5acad7702898a459d32e Merged-In: Ia18f367109df5af7da0a5acad7702898a459d32e (cherry picked from commit ff5bfb40c8b09ab477efaae6a0199911a0d703dd) Merged-In: Ia18f367109df5af7da0a5acad7702898a459d32e --- .../settings/SettingsPreferenceFragment.java | 22 ++++++++++++++++++- .../system/ResetDashboardFragment.java | 5 +++++ 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/src/com/android/settings/SettingsPreferenceFragment.java b/src/com/android/settings/SettingsPreferenceFragment.java index a3d26af8eb7..6653dd0ba98 100644 --- a/src/com/android/settings/SettingsPreferenceFragment.java +++ b/src/com/android/settings/SettingsPreferenceFragment.java @@ -49,6 +49,7 @@ import com.android.settings.applications.LayoutPreference; import com.android.settings.core.InstrumentedPreferenceFragment; import com.android.settings.core.instrumentation.Instrumentable; import com.android.settings.core.instrumentation.InstrumentedDialogFragment; +import com.android.settings.Utils; import com.android.settings.widget.LoadingViewController; import com.android.settingslib.CustomDialogPreference; import com.android.settingslib.CustomEditTextPreference; @@ -69,7 +70,7 @@ public abstract class SettingsPreferenceFragment extends InstrumentedPreferenceF **/ public static final String HELP_URI_RESOURCE_KEY = "help_uri_resource"; - private static final String TAG = "SettingsPreference"; + private static final String TAG = "SettingsPreferenceFragment"; @VisibleForTesting static final int DELAY_HIGHLIGHT_DURATION_MILLIS = 600; @@ -141,6 +142,15 @@ public abstract class SettingsPreferenceFragment extends InstrumentedPreferenceF @VisibleForTesting public boolean mPreferenceHighlighted = false; + @Override + public void onAttach(Context context) { + if (shouldSkipForInitialSUW() && !Utils.isDeviceProvisioned(getContext())) { + Log.w(TAG, "Skip " + getClass().getSimpleName() + " before SUW completed."); + finish(); + } + super.onAttach(context); + } + @Override public void onCreate(Bundle icicle) { super.onCreate(icicle); @@ -281,6 +291,16 @@ public abstract class SettingsPreferenceFragment extends InstrumentedPreferenceF } } + /** + * Whether UI should be skipped in the initial SUW flow. + * + * @return {@code true} when UI should be skipped in the initial SUW flow. + * {@code false} when UI should not be skipped in the initial SUW flow. + */ + protected boolean shouldSkipForInitialSUW() { + return false; + } + protected void onDataSetChanged() { highlightPreferenceIfNeeded(); updateEmptyView(); diff --git a/src/com/android/settings/system/ResetDashboardFragment.java b/src/com/android/settings/system/ResetDashboardFragment.java index 48295a42e18..add340f2306 100644 --- a/src/com/android/settings/system/ResetDashboardFragment.java +++ b/src/com/android/settings/system/ResetDashboardFragment.java @@ -56,6 +56,11 @@ public class ResetDashboardFragment extends DashboardFragment { return buildPreferenceControllers(context, getLifecycle()); } + @Override + protected boolean shouldSkipForInitialSUW() { + return true; + } + private static List buildPreferenceControllers(Context context, Lifecycle lifecycle) { final List controllers = new ArrayList<>();