Run isKeyguardSecure under system privileges

In certain cases, isKeyguardSecure calls UserManager.getProfileParent, which requires MANAGE_USERS permission. Now the check is done under system privileges. Bug:18765066 Change-Id: I6b23aedee06403d36523af5fee9c7db9659284b3
author: Fyodor Kupolov <fkupolov@google.com> 2015-01-13 11:06:04 -0800
committer: Fyodor Kupolov <fkupolov@google.com> 2015-01-13 11:06:04 -0800
commit: c87d162815f228cda3c2bc70022c54e332bee0e5 (patch)
tree: 3668ba22bc5b5bcd58209739d3cb17565180071b
parent: 84c5e8ebf0185ca65d4bab148f6d72d71940aba8 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/services/core/java/com/android/server/wm/WindowManagerService.java b/services/core/java/com/android/server/wm/WindowManagerService.java
index 4d0169d55916..4ba766a9ea36 100644
--- a/services/core/java/com/android/server/wm/WindowManagerService.java
+++ b/services/core/java/com/android/server/wm/WindowManagerService.java
@@ -5379,7 +5379,12 @@ public class WindowManagerService extends IWindowManager.Stub
 
     @Override
     public boolean isKeyguardSecure() {
-        return mPolicy.isKeyguardSecure();
+        long origId = Binder.clearCallingIdentity();
+        try {
+            return mPolicy.isKeyguardSecure();
+        } finally {
+            Binder.restoreCallingIdentity(origId);
+        }
     }
 
     @Override
author	Fyodor Kupolov <fkupolov@google.com>	2015-01-13 11:06:04 -0800
committer	Fyodor Kupolov <fkupolov@google.com>	2015-01-13 11:06:04 -0800
commit	c87d162815f228cda3c2bc70022c54e332bee0e5 (patch)
tree	3668ba22bc5b5bcd58209739d3cb17565180071b
parent	84c5e8ebf0185ca65d4bab148f6d72d71940aba8 (diff)