Make zero trust related APIs callable by permission holders - platform/frameworks/base

diff options

author	Rubin Xu <rubinxu@google.com>	2024-01-24 17:27:25 +0000
committer	Rubin Xu <rubinxu@google.com>	2024-02-13 19:19:36 +0000
commit	8668395a6d6a5767cd92973da84e8cc83cdebeac (patch)
tree	f4a37519adf36f1f2115f240966edd8754d371e3 /libs/androidfw/StringPool.cpp
parent	9027446c37c6e5a2d61ebc063d4a9c27294b5ea9 (diff)

Make zero trust related APIs callable by permission holders

1. getEnrollmentSpecificId This is currently callable by DO, PO and DELEGATION_CERT_INSTALL delegates. Convert this to MANAGE_DEVICE_POLICY_CERTIFICATES permission which DO, PO and DELEGATION_CERT_INSTALL all holds already (the DMRH also has this permission granted already) 2. getPendingSystemUpdate A new MANAGE_DEVICE_POLICY_SYSTEM_UPDATE_INFO permission is added to guard getPendingSystemUpdate. We also allow system update services (identified by the existing NOTIFY_PENDING_SYSTEM_UPDATE permission) who sets system update information to retrieve what it previously set via getPendingSystemUpdate. 3. notifyPendingSystemUpdate Also send ACTION_NOTIFY_PENDING_SYSTEM_UPDATE to all instances of the Device Management Role Holder. Bug: 254653320 Bug: 289520697 Test: EnrollmentSpecificIdTest android.devicepolicy.cts.PendingSystemUpdateTest android.permissionpolicy.cts Change-Id: I35367d115564f624fa8b3302c8ed4e2825c67893

Diffstat (limited to 'libs/androidfw/StringPool.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: