diff options
| author | 2023-02-20 12:04:53 +0000 | |
|---|---|---|
| committer | 2023-02-20 12:04:53 +0000 | |
| commit | cf16a02e27d2f0a89d95dcf17ad088fca6be2300 (patch) | |
| tree | 04354a73f65d168e9691078a370d9437f18ad555 | |
| parent | 3d907cca3cac9c5dd947214aa8b17dda5dead326 (diff) | |
| parent | b52f6dae9992b01a27c91407da19671981bc1fbf (diff) | |
Merge "Fix access control checks getOwnerInstalledCaCerts" into udc-dev
| -rw-r--r-- | services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index 64c4d989ee7b..3c3cb2b49ba3 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -18611,9 +18611,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { public StringParceledListSlice getOwnerInstalledCaCerts(@NonNull UserHandle user) { final int userId = user.getIdentifier(); final CallerIdentity caller = getCallerIdentity(); - Preconditions.checkCallAuthorization((userId == caller.getUserId()) - || isProfileOwner(caller) || isDefaultDeviceOwner(caller) - || hasFullCrossUsersPermission(caller, userId)); + Preconditions.checkCallAuthorization( + (isProfileOwner(caller) || isDefaultDeviceOwner(caller) || canQueryAdminPolicy( + caller)) && hasFullCrossUsersPermission(caller, userId)); synchronized (getLockObject()) { return new StringParceledListSlice( |