Merge "Give the PO the MANAGE_DEVICE_POLICY_CERTIFICATES permission" into udc-dev am: e8899cf651 am: 5263ffa52d am: fe52e68b64

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/22760257 Change-Id: I57909cd7e9229b3053bbb6b861e8d21bb148ae4b Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
author: Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com> 2023-05-02 16:25:26 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2023-05-02 16:25:26 +0000
commit: 8db75e07536aa6b51c63cd2be1a49bcacc7bc3d3 (patch)
tree: 40ae524ceed5772e9c02c64f26914159b19cdbf1
parent: 12fb4a08a03223e6b52bba4d940ca5923192d955 (diff)
parent: fe52e68b644241cbbb9ec000710636106f51bfed (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 675ebd3ddd60..dedc0734cd04 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -10748,7 +10748,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
     @VisibleForTesting
     boolean hasDeviceIdAccessUnchecked(String packageName, int uid) {
         final int userId = UserHandle.getUserId(uid);
-        if (isPermissionCheckFlagEnabled()) {
+        // TODO(b/280048070): Introduce a permission to handle device ID access
+        if (isPermissionCheckFlagEnabled()
+                && !(isUidProfileOwnerLocked(uid) || isUidDeviceOwnerLocked(uid))) {
             return hasPermission(MANAGE_DEVICE_POLICY_CERTIFICATES, packageName, userId);
         } else {
             ComponentName deviceOwner = getDeviceOwnerComponent(true);
@@ -22930,6 +22932,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                     MANAGE_DEVICE_POLICY_LOCATION,
                     MANAGE_DEVICE_POLICY_LOCK,
                     MANAGE_DEVICE_POLICY_LOCK_CREDENTIALS,
+                    MANAGE_DEVICE_POLICY_CERTIFICATES,
                     MANAGE_DEVICE_POLICY_NEARBY_COMMUNICATION,
                     MANAGE_DEVICE_POLICY_ORGANIZATION_IDENTITY,
                     MANAGE_DEVICE_POLICY_PACKAGE_STATE,
author	Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com>	2023-05-02 16:25:26 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-02 16:25:26 +0000
commit	8db75e07536aa6b51c63cd2be1a49bcacc7bc3d3 (patch)
tree	40ae524ceed5772e9c02c64f26914159b19cdbf1
parent	12fb4a08a03223e6b52bba4d940ca5923192d955 (diff)
parent	fe52e68b644241cbbb9ec000710636106f51bfed (diff)