author Eran Messeri <eranm@google.com> 2019-12-19 16:21:46 +0000
committer Eran Messeri <eranm@google.com> 2019-12-19 16:50:10 +0000
commit53c777b2512e8753d4bacb6089689d6b4ac317a4 (patch)
tree0501765c8a407914ea1c190d1c63d7525cf3f255
parent7603db473ea54bc7d296443fd5d394ba258bacf4 (diff)
Temporarily restore device identifiers access to Profile Owner
Temporarily restore access to device identifiers for a profile owner on a personal (non corporate-owned) device. This is a partial revert of ag/9845617. As this change breaks some Corp use cases, we will be working with the affected parties on a timeline to re-introduce it. Bug: 130844684 Bug:110099294 Test: atest com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testProfileOwnerCanGetDeviceIdentifiers Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.ManagedProfileTest Change-Id: I4444658680f18969b8bd6537b5f69ffb46692dbe
-rw-r--r--services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java10
1 files changed, 8 insertions, 2 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 94338c8f34e4..8cd803c3f8eb 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -8701,9 +8701,15 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
// Allow access to the profile owner for the specified user, or delegate cert installer
// But only if this is an organization-owned device.
ComponentName profileOwner = getProfileOwnerAsUser(userId);
- if (profileOwner != null && canProfileOwnerAccessDeviceIds(userId)
+ final boolean isCallerProfileOwnerOrDelegate = profileOwner != null
&& (profileOwner.getPackageName().equals(packageName)
- || isCallerDelegate(packageName, uid, DELEGATION_CERT_INSTALL))) {
+ || isCallerDelegate(packageName, uid, DELEGATION_CERT_INSTALL));
+ if (isCallerProfileOwnerOrDelegate && canProfileOwnerAccessDeviceIds(userId)) {
+ return true;
+ }
+ //TODO(b/130844684): Temporarily allow profile owner on non-organization-owned devices
+ //to read device identifiers.
+ if (isCallerProfileOwnerOrDelegate) {
return true;
}
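Review bot: The added fallback `if (isCallerProfileOwnerOrDelegate)` returns true for every caller the first branch accepts, so `canProfileOwnerAccessDeviceIds(userId)` no longer gates anything and the context comment `// But only if this is an organization-owned device.` above is now false. The fallback also covers `DELEGATION_CERT_INSTALL` delegates, while the TODO and the commit title mention only the profile owner. If delegates on personal devices are not meant to read identifiers during this period, the fallback condition could be narrowed to `profileOwner != null && profileOwner.getPackageName().equals(packageName)`. Otherwise the TODO should state the real scope, e.g. `// TODO(b/130844684): Temporarily allow profile owner and cert-install delegate on non-organization-owned devices; the organization-owned check above is redundant until this is removed.` The enclosing method starts and ends outside the hunk, so any later checks are not visible here.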