Limit IsSeparateProfileChallengeAllowed to system callers am: 1b6301cf24

am: 406229f0c8 Change-Id: Ibcdd009840f36c0ac566a2211a50ac75f6db5c28
author: Pavel Grafov <pgrafov@google.com> 2019-04-10 12:20:17 -0700
committer: android-build-merger <android-build-merger@google.com> 2019-04-10 12:20:17 -0700
commit: 7b68bad0fe33648d56c741121a385928d22d467e (patch)
tree: aab09514ca6161848c897527c7b83e285a55d1ab
parent: 71d8e5ffcf78654ca8042b08e009e63407bc656d (diff)
parent: 406229f0c84d4086c3f62019d356ca92a4864621 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 8f2a2d2dae67..8f1709e4d614 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -4096,6 +4096,9 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
 
     @Override
     public boolean isSeparateProfileChallengeAllowed(int userHandle) {
+        if (!isCallerWithSystemUid()) {
+            throw new SecurityException("Caller must be system");
+        }
         ComponentName profileOwner = getProfileOwner(userHandle);
         // Profile challenge is supported on N or newer release.
         return profileOwner != null &&
author	Pavel Grafov <pgrafov@google.com>	2019-04-10 12:20:17 -0700
committer	android-build-merger <android-build-merger@google.com>	2019-04-10 12:20:17 -0700
commit	7b68bad0fe33648d56c741121a385928d22d467e (patch)
tree	aab09514ca6161848c897527c7b83e285a55d1ab
parent	71d8e5ffcf78654ca8042b08e009e63407bc656d (diff)
parent	406229f0c84d4086c3f62019d356ca92a4864621 (diff)