diff options
| author | 2020-10-23 08:05:33 +0000 | |
|---|---|---|
| committer | 2020-10-23 08:05:33 +0000 | |
| commit | d2fcd9f98bc8dad29fe45d23d3fda242f263e220 (patch) | |
| tree | 3f9105f7e389e096d8d1efbc121f7a0c15c8b517 | |
| parent | e23d24661684d36427a2832f581fd1a7468f3813 (diff) | |
| parent | 26af4ae6f1c12066b0fef2d44b329bae19edb102 (diff) | |
Merge "Fix access control isAlwaysOnVpnLockdownEnabled"
| -rw-r--r-- | services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index a6d836ba8ef1..e8f12767d5c6 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -5791,8 +5791,9 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { public boolean isAlwaysOnVpnLockdownEnabled(ComponentName admin) throws SecurityException { Objects.requireNonNull(admin, "ComponentName is null"); - final CallerIdentity caller = getCallerIdentity(admin); - Preconditions.checkCallAuthorization(isDeviceOwner(caller) || isProfileOwner(caller) + final CallerIdentity caller = getNonPrivilegedOrAdminCallerIdentity(admin); + Preconditions.checkCallAuthorization((caller.hasAdminComponent() + && (isDeviceOwner(caller) || isProfileOwner(caller))) || hasCallingPermission(PERMISSION_MAINLINE_NETWORK_STACK)); return mInjector.binderWithCleanCallingIdentity( |