Global.OEM_UNLOCK_DISALLOWED should only restrict when enabling oem
Bug:29409746
Change-Id: I5254456cc2364c93809cebbe2d134a873873790d
diff --git a/services/core/java/com/android/server/PersistentDataBlockService.java b/services/core/java/com/android/server/PersistentDataBlockService.java
index 1e0b693..e233b1c 100644
--- a/services/core/java/com/android/server/PersistentDataBlockService.java
+++ b/services/core/java/com/android/server/PersistentDataBlockService.java
@@ -466,12 +466,13 @@
enforceOemUnlockWritePermission();
enforceIsAdmin();
- // Do not allow oem unlock modification if it has been disallowed.
- if (Settings.Global.getInt(getContext().getContentResolver(),
- Settings.Global.OEM_UNLOCK_DISALLOWED, 0) == 1) {
- throw new SecurityException("OEM unlock has been disallowed.");
- }
if (enabled) {
+ // Do not allow oem unlock to be enabled if it has been disallowed.
+ if (Settings.Global.getInt(getContext().getContentResolver(),
+ Settings.Global.OEM_UNLOCK_DISALLOWED, 0) == 1) {
+ throw new SecurityException(
+ "OEM unlock has been disallowed by OEM_UNLOCK_DISALLOWED.");
+ }
enforceFactoryResetAllowed();
}
synchronized (mLock) {
diff --git a/services/core/java/com/android/server/pm/UserRestrictionsUtils.java b/services/core/java/com/android/server/pm/UserRestrictionsUtils.java
index 414d165..c082143 100644
--- a/services/core/java/com/android/server/pm/UserRestrictionsUtils.java
+++ b/services/core/java/com/android/server/pm/UserRestrictionsUtils.java
@@ -429,7 +429,7 @@
if (newValue) {
PersistentDataBlockManager manager = (PersistentDataBlockManager) context
.getSystemService(Context.PERSISTENT_DATA_BLOCK_SERVICE);
- if (manager != null) {
+ if (manager != null && manager.getOemUnlockEnabled()) {
manager.setOemUnlockEnabled(false);
}
}