| commit | df30c7d2e0bd59a1ed92d63bd1b4dc9c320e2ab6 | [log] [tgz] |
|---|---|---|
| author | Eric Sandness <sandness@google.com> | Tue Mar 27 09:56:40 2018 +0100 |
| committer | Eric Sandness <sandness@google.com> | Tue Mar 27 09:13:11 2018 +0000 |
| tree | 184ccfdde96f21ef2036921f1786a89f08448e0f | |
| parent | af13eeb11050b27419a235737a30b5a3335fdbe0 [diff] |
Permission Check For DPM.isDeviceProvisioned Require the caller of DPM.isDeviceProvisioned() to hold the MANAGE_USERS permission. The only callers should be within the framework itself, or apps involved in device provisioning which already hold this permission. Bug: 62343414 Test: Set TestDPC as Device Owner and use it to reset password Test: com.android.server.devicepolicy.DevicePolicyManagerTest Test: com.android.server.locksettings.LockSettingsServiceTests Test: com.google.android.gts.devicepolicy.DevicePolicyManagerTest Change-Id: Ie53deb5ba8679a5b431f2a8da60ec9710c44d56f
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java index 4cb7f89..4b729ff 100644 --- a/core/java/android/app/admin/DevicePolicyManager.java +++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -8754,6 +8754,7 @@ * @hide */ @SystemApi + @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public boolean isDeviceProvisioned() { try { return mService.isDeviceProvisioned();
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index 56c9807..39ae8bb 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -11815,6 +11815,7 @@ @Override public boolean isDeviceProvisioned() { + enforceManageUsers(); synchronized (this) { return getUserDataUnchecked(UserHandle.USER_SYSTEM).mUserSetupComplete; }