diff options
4 files changed, 36 insertions, 30 deletions
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java index d1b5a83e7142..f71d78b40242 100644 --- a/core/java/android/app/admin/DevicePolicyManager.java +++ b/core/java/android/app/admin/DevicePolicyManager.java @@ -7028,21 +7028,28 @@ public class DevicePolicyManager { } /** - * Called by a device owner to set the default SMS application. + * Must be called by a device owner or a profile owner of an organization-owned managed profile + * to set the default SMS application. * <p> - * The calling device admin must be a device owner. If it is not, a security exception will be - * thrown. + * This method can be called on the {@link DevicePolicyManager} instance, returned by + * {@link #getParentProfileInstance(ComponentName)}, where the caller must be the profile owner + * of an organization-owned managed profile and the package must be a pre-installed system + * package. If called on the parent instance, then the default SMS application is set on the + * personal profile. * - * @param admin Which {@link DeviceAdminReceiver} this request is associated with. + * @param admin Which {@link DeviceAdminReceiver} this request is associated with. * @param packageName The name of the package to set as the default SMS application. - * @throws SecurityException if {@code admin} is not a device owner. + * @throws SecurityException if {@code admin} is not a device or profile owner or if + * called on the parent profile and the {@code admin} is not a + * profile owner of an organization-owned managed profile. + * @throws IllegalArgumentException if called on the parent profile and the package + * provided is not a pre-installed system package. */ public void setDefaultSmsApplication(@NonNull ComponentName admin, @NonNull String packageName) { - throwIfParentInstance("setDefaultSmsApplication"); if (mService != null) { try { - mService.setDefaultSmsApplication(admin, packageName); + mService.setDefaultSmsApplication(admin, packageName, mParentInstance); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } diff --git a/core/java/android/app/admin/IDevicePolicyManager.aidl b/core/java/android/app/admin/IDevicePolicyManager.aidl index e3dba310ab44..7fd0ae4a1a00 100644 --- a/core/java/android/app/admin/IDevicePolicyManager.aidl +++ b/core/java/android/app/admin/IDevicePolicyManager.aidl @@ -202,7 +202,7 @@ interface IDevicePolicyManager { void addPersistentPreferredActivity(in ComponentName admin, in IntentFilter filter, in ComponentName activity); void clearPackagePersistentPreferredActivities(in ComponentName admin, String packageName); - void setDefaultSmsApplication(in ComponentName admin, String packageName); + void setDefaultSmsApplication(in ComponentName admin, String packageName, boolean parent); void setApplicationRestrictions(in ComponentName who, in String callerPackage, in String packageName, in Bundle settings); Bundle getApplicationRestrictions(in ComponentName who, in String callerPackage, in String packageName); diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index d7ea2f53c286..ec3ef7807c3a 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -9553,9 +9553,19 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } @Override - public void setDefaultSmsApplication(ComponentName admin, String packageName) { + public void setDefaultSmsApplication(ComponentName admin, String packageName, boolean parent) { Objects.requireNonNull(admin, "ComponentName is null"); - enforceDeviceOwner(admin); + + if (parent) { + ActiveAdmin ap = getActiveAdminForCallerLocked(admin, + DeviceAdminInfo.USES_POLICY_ORGANIZATION_OWNED_PROFILE_OWNER, parent); + enforceProfileOwnerOfOrganizationOwnedDevice(ap); + mInjector.binderWithCleanCallingIdentity(() -> enforcePackageIsSystemPackage( + packageName, getProfileParentId(mInjector.userHandleGetCallingUserId()))); + } else { + enforceDeviceOwner(admin); + } + mInjector.binderWithCleanCallingIdentity(() -> SmsApplication.setDefaultApplication(packageName, mContext)); } @@ -10778,7 +10788,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { // API cannot be used to leak if certain non-system package exists in the person // profile. mInjector.binderWithCleanCallingIdentity(() -> - enforcePackageIsSystemPackage(packageName, hidden, userId)); + enforcePackageIsSystemPackage(packageName, userId)); } result = mInjector.binderWithCleanCallingIdentity(() -> mIPackageManager @@ -10811,7 +10821,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { DeviceAdminInfo.USES_POLICY_ORGANIZATION_OWNED_PROFILE_OWNER, parent); // Ensure the package provided is a system package. mInjector.binderWithCleanCallingIdentity(() -> - enforcePackageIsSystemPackage(packageName, false, userId)); + enforcePackageIsSystemPackage(packageName, userId)); } return mInjector.binderWithCleanCallingIdentity( @@ -10819,16 +10829,9 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } } - private void enforcePackageIsSystemPackage(String packageName, boolean hidden, int userId) + private void enforcePackageIsSystemPackage(String packageName, int userId) throws RemoteException { - int flags = PackageManager.MATCH_SYSTEM_ONLY; - // If the package is currently hidden then it is considered uninstalled and - // the MATCH_UNINSTALLED_PACKAGES flag has to be added. - if (!hidden) { - flags |= PackageManager.MATCH_UNINSTALLED_PACKAGES; - } - PackageInfo packageInfo = mIPackageManager.getPackageInfo(packageName, flags, userId); - if (packageInfo == null || !packageInfo.applicationInfo.isSystemApp()) { + if (!isSystemApp(mIPackageManager, packageName, userId)) { throw new IllegalArgumentException( "The provided package is not a system package"); } diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java index def5b617becd..77e15eb32a89 100644 --- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java +++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java @@ -2219,17 +2219,13 @@ public class DevicePolicyManagerTest extends DpmTestBase { String packageName = "com.google.android.test"; - PackageInfo packageInfo = new PackageInfo(); - packageInfo.applicationInfo = new ApplicationInfo(); - packageInfo.applicationInfo.flags = ApplicationInfo.FLAG_SYSTEM; + ApplicationInfo applicationInfo = new ApplicationInfo(); + applicationInfo.flags = ApplicationInfo.FLAG_SYSTEM; when(getServices().userManager.getProfileParent(MANAGED_PROFILE_USER_ID)) .thenReturn(new UserInfo(UserHandle.USER_SYSTEM, "user system", 0)); - when(getServices().ipackageManager.getPackageInfo(packageName, - PackageManager.MATCH_SYSTEM_ONLY, UserHandle.USER_SYSTEM)).thenReturn( - packageInfo); - when(getServices().ipackageManager.getPackageInfo(packageName, - PackageManager.MATCH_UNINSTALLED_PACKAGES | PackageManager.MATCH_SYSTEM_ONLY, - UserHandle.USER_SYSTEM)).thenReturn(packageInfo); + when(getServices().ipackageManager.getApplicationInfo(packageName, + PackageManager.MATCH_UNINSTALLED_PACKAGES, UserHandle.USER_SYSTEM)).thenReturn( + applicationInfo); parentDpm.setApplicationHidden(admin1, packageName, true); verify(getServices().ipackageManager).setApplicationHiddenSettingAsUser(packageName, |