diff options
| author | 2019-01-29 11:04:06 +0000 | |
|---|---|---|
| committer | 2019-01-31 11:27:48 +0000 | |
| commit | 8f2c1913dd0b6fbff89ee4f8e8f1bd6e8d587aa6 (patch) | |
| tree | f7525f1301e2140cb63f799266c47538e040a22f | |
| parent | db19aa43d0efd2cda1e62a10fb42feb6df148bab (diff) | |
Grant Device ID access to PO/DO delegates
Let the delegated certificate installer access device identifiers
(serial number, IMEI, meid) via the standard platform APIs.
This makes sense since the DO/PO can already access Device IDs and
there's no technical barrier from the DO/PO to send the Device IDs to
the app it nominated as the delegate.
To make things simpler for the delegate and DPC, let the delegate access
the Device IDs directly.
Bug: 120616022
Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.MixedDeviceOwnerTest#testDelegatedCertInstallerDirectly
Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testDelegatedCertInstallerDirectly
Change-Id: I0c996eeb0d35e99821ca3dcfe1afda01cd5ceb2f
| -rw-r--r-- | services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index a01a02625de2..f176bc4f025e 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -8364,16 +8364,22 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { != PackageManager.PERMISSION_GRANTED) { return false; } - // Allow access to the device owner. + + // Allow access to the device owner or delegate cert installer. ComponentName deviceOwner = getDeviceOwnerComponent(true); - if (deviceOwner != null && deviceOwner.getPackageName().equals(packageName)) { + if (deviceOwner != null && (deviceOwner.getPackageName().equals(packageName) + || isCallerDelegate(packageName, uid, DELEGATION_CERT_INSTALL))) { return true; } - // Allow access to the profile owner for the specified user. + // Allow access to the profile owner for the specified user, or delegate cert installer ComponentName profileOwner = getProfileOwnerAsUser(userHandle); - if (profileOwner != null && profileOwner.getPackageName().equals(packageName)) { + if (profileOwner != null && (profileOwner.getPackageName().equals(packageName) + || isCallerDelegate(packageName, uid, DELEGATION_CERT_INSTALL))) { return true; } + + Log.w(LOG_TAG, String.format("Package if %s (uid=%d, pid=%d) cannot access Device IDs", + packageName, uid, pid)); return false; } |