FRP bypass defense in the settings app

Over the last few years, there have been a number of Factory Reset Protection bypass bugs in the SUW flow. It's unlikely to defense all points from individual apps. Therefore, we decide to block some critical pages when user doesn't complete the SUW flow. Test: Can't open the certain pages in the suw flow. Fix: 200746457 Bug: 202975040 Fix: 213091525 Fix: 213090835 Fix: 201561699 Fix: 213090827 Fix: 213090875 Change-Id: Ia18f367109df5af7da0a5acad7702898a459d32e
2022-01-03 18:25:04 +08:00
parent 1ee60270df
commit 07dd833a6a
10 changed files with 170 additions and 1 deletions
--- a/src/com/android/settings/SettingsPreferenceFragment.java
+++ b/src/com/android/settings/SettingsPreferenceFragment.java
@@ -54,6 +54,7 @@ import com.android.settingslib.search.Indexable;
 import com.android.settingslib.widget.LayoutPreference;

 import com.google.android.material.appbar.AppBarLayout;
+import com.google.android.setupcompat.util.WizardManagerHelper;

 import java.util.UUID;

@@ -63,7 +64,7 @@ import java.util.UUID;
 public abstract class SettingsPreferenceFragment extends InstrumentedPreferenceFragment
        implements DialogCreatable, HelpResourceProvider, Indexable {

-    private static final String TAG = "SettingsPreference";
+    private static final String TAG = "SettingsPreferenceFragment";

    private static final String SAVE_HIGHLIGHTED_KEY = "android:preference_highlighted";

@@ -121,6 +122,15 @@ public abstract class SettingsPreferenceFragment extends InstrumentedPreferenceF
    public HighlightablePreferenceGroupAdapter mAdapter;
    private boolean mPreferenceHighlighted = false;

+    @Override
+    public void onAttach(Context context) {
+        if (shouldSkipForInitialSUW() && !WizardManagerHelper.isDeviceProvisioned(getContext())) {
+            Log.w(TAG, "Skip " + getClass().getSimpleName() + " before SUW completed.");
+            finish();
+        }
+        super.onAttach(context);
+    }
+
    @Override
    public void onCreate(Bundle icicle) {
        super.onCreate(icicle);
@@ -267,6 +277,16 @@ public abstract class SettingsPreferenceFragment extends InstrumentedPreferenceF
                || (mAdapter.getPreferenceAdapterPosition(preference) != RecyclerView.NO_POSITION));
    }

+    /**
+     * Whether UI should be skipped in the initial SUW flow.
+     *
+     * @return {@code true} when UI should be skipped in the initial SUW flow.
+     * {@code false} when UI should not be skipped in the initial SUW flow.
+     */
+    protected boolean shouldSkipForInitialSUW() {
+        return false;
+    }
+
    protected void onDataSetChanged() {
        highlightPreferenceIfNeeded();
        updateEmptyView();