Fix missing permission check when saving pattern/password

Jim Miller · The Android Automerger · commit e83f0f6a5a6f · 2016-05-27T11:31:14.000-07:00
Fixes bug 28163930

Change-Id: Ic98ef20933b352159b88fdef331e83e9ef6e1f20
diff --git a/services/core/java/com/android/server/LockSettingsService.java b/services/core/java/com/android/server/LockSettingsService.java
@@ -424,6 +424,7 @@ private byte[] getCurrentHandle(int userId) {
     @Override
     public void setLockPattern(String pattern, String savedCredential, int userId)
             throws RemoteException {
+        checkWritePermission(userId);
         byte[] currentHandle = getCurrentHandle(userId);
 
         if (pattern == null) {
@@ -452,6 +453,7 @@ public void setLockPattern(String pattern, String savedCredential, int userId)
     @Override
     public void setLockPassword(String password, String savedCredential, int userId)
             throws RemoteException {
+        checkWritePermission(userId);
         byte[] currentHandle = getCurrentHandle(userId);
 
         if (password == null) {
