Change cross user permission for MANAGE_DEVICE_POLICY_LOCK.

* Changing it from `MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL` to `MANAGE_DEVICE_POLICY_ACROSS_USERS_SECURITY_CRITICAL`. * `MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL` is only for privacy intrusive policies, and locking the device is clearly not such policy and should be available to profile owners as well. Test: btest android.devicepolicy.cts.LockTest with feature flag on/off Bug: 378882674 Bug: 336297680 Flag: android.app.admin.flags.lock_now_coexistence Change-Id: I52c23f0a0d0e419fd172e19aef3a862c57f25e6b
author: Rafael Prado <rafaelprado@google.com> 2024-11-14 20:33:46 -0300
committer: Rafael Prado <rafaelprado@google.com> 2024-11-21 21:11:13 +0000
commit: e8b31f40e2cd794c8c85d34b86b379640afb029a (patch)
tree: 418346f384478881ce09fb78e35702b2d39fccff
parent: 8a64ce3ae77db1fd6fbc69bbcc1f5de2eff3903f (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index dde213de1d40..10570d804821 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -23178,6 +23178,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                 MANAGE_DEVICE_POLICY_ACROSS_USERS_SECURITY_CRITICAL);
         CROSS_USER_PERMISSIONS.put(MANAGE_DEVICE_POLICY_KEYGUARD,
                 MANAGE_DEVICE_POLICY_ACROSS_USERS_SECURITY_CRITICAL);
+        if (Flags.lockNowCoexistence()) {
+            CROSS_USER_PERMISSIONS.put(MANAGE_DEVICE_POLICY_LOCK,
+                    MANAGE_DEVICE_POLICY_ACROSS_USERS_SECURITY_CRITICAL);
+        }
         CROSS_USER_PERMISSIONS.put(MANAGE_DEVICE_POLICY_LOCK_CREDENTIALS,
                 MANAGE_DEVICE_POLICY_ACROSS_USERS_SECURITY_CRITICAL);
 
@@ -23252,8 +23256,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                 MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL);
         CROSS_USER_PERMISSIONS.put(MANAGE_DEVICE_POLICY_LOCATION,
                 MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL);
-        CROSS_USER_PERMISSIONS.put(MANAGE_DEVICE_POLICY_LOCK,
-                MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL);
+        if (!Flags.lockNowCoexistence()) {
+            CROSS_USER_PERMISSIONS.put(MANAGE_DEVICE_POLICY_LOCK,
+                    MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL);
+        }
         CROSS_USER_PERMISSIONS.put(MANAGE_DEVICE_POLICY_LOCK_TASK,
                 MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL);
         CROSS_USER_PERMISSIONS.put(MANAGE_DEVICE_POLICY_MODIFY_USERS,
author	Rafael Prado <rafaelprado@google.com>	2024-11-14 20:33:46 -0300
committer	Rafael Prado <rafaelprado@google.com>	2024-11-21 21:11:13 +0000
commit	e8b31f40e2cd794c8c85d34b86b379640afb029a (patch)
tree	418346f384478881ce09fb78e35702b2d39fccff
parent	8a64ce3ae77db1fd6fbc69bbcc1f5de2eff3903f (diff)