am 3eaf7d21: am 6501720c: am 489043d4: am 9a81a182: Merge "Don\'t always transfer device owner status to other users." into mnc-dev

* commit '3eaf7d2155d0c513eb08f66abc02f87b09659be7': Don't always transfer device owner status to other users.
author: Rubin Xu <rubinxu@google.com> 2015-07-31 13:33:39 +0000
committer: Android Git Automerger <android-git-automerger@android.com> 2015-07-31 13:33:39 +0000
commit: 0550536b27176170a8ef3f8ed8f7e955b8d2a663 (patch)
tree: d656d0959c6d964b42a8ab8dce25180aab09f294
parent: 33cb97c0f0824f8a5f35c09db28565b076bc9994 (diff)
parent: 3eaf7d2155d0c513eb08f66abc02f87b09659be7 (diff)
1 files changed, 15 insertions, 2 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index d9afa005bc98..1e833b1e7aba 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -1277,11 +1277,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                 && !hasUserSetupCompleted(userId);
 
         if (reqPolicy == DeviceAdminInfo.USES_POLICY_DEVICE_OWNER) {
-            if (ownsDevice || (userId == UserHandle.USER_OWNER && ownsInitialization)) {
+            if ((userId == UserHandle.USER_OWNER && (ownsDevice || ownsInitialization))
+                    || (ownsDevice && ownsProfile)) {
                 return true;
             }
         } else if (reqPolicy == DeviceAdminInfo.USES_POLICY_PROFILE_OWNER) {
-            if (ownsDevice || ownsProfile || ownsInitialization) {
+            if ((userId == UserHandle.USER_OWNER && ownsDevice) || ownsProfile
+                    || ownsInitialization) {
                 return true;
             }
         } else {
@@ -4244,6 +4246,17 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
             throw new IllegalArgumentException("Invalid component name " + initializer
                     + " for device initializer");
         }
+        boolean isInitializerSystemApp;
+        try {
+            isInitializerSystemApp = isSystemApp(AppGlobals.getPackageManager(),
+                    initializer.getPackageName(), Binder.getCallingUserHandle().getIdentifier());
+        } catch (RemoteException | IllegalArgumentException e) {
+            isInitializerSystemApp = false;
+            Slog.e(LOG_TAG, "Fail to check if device initialzer is system app.", e);
+        }
+        if (!isInitializerSystemApp) {
+            throw new IllegalArgumentException("Only system app can be set as device initializer.");
+        }
         synchronized (this) {
             enforceCanSetDeviceInitializer(who);
author	Rubin Xu <rubinxu@google.com>	2015-07-31 13:33:39 +0000
committer	Android Git Automerger <android-git-automerger@android.com>	2015-07-31 13:33:39 +0000
commit	0550536b27176170a8ef3f8ed8f7e955b8d2a663 (patch)
tree	d656d0959c6d964b42a8ab8dce25180aab09f294
parent	33cb97c0f0824f8a5f35c09db28565b076bc9994 (diff)
parent	3eaf7d2155d0c513eb08f66abc02f87b09659be7 (diff)