diff options
| -rw-r--r-- | services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java | 38 |
1 files changed, 24 insertions, 14 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index bdfbb7c9a327..f6bc93ab2491 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -15470,11 +15470,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { int userId = caller.getUserId(); synchronized (getLockObject()) { - Preconditions.checkCallAuthorization(isUserAffiliatedWithDeviceLocked(userId), - "Admin " + who - + " is neither the device owner or affiliated user's profile owner."); - if (isManagedProfile(userId)) { - throw new SecurityException("Managed profile cannot disable status bar"); + if (!isPermissionCheckFlagEnabled()) { + Preconditions.checkCallAuthorization(isUserAffiliatedWithDeviceLocked(userId), + "Admin " + who + " is neither the device owner or affiliated " + + "user's profile owner."); + if (isManagedProfile(userId)) { + throw new SecurityException("Managed profile cannot disable status bar"); + } } checkCanExecuteOrThrowUnsafe(DevicePolicyManager.OPERATION_SET_STATUS_BAR_DISABLED); @@ -15527,16 +15529,23 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { @Override public boolean isStatusBarDisabled(String callerPackage) { final CallerIdentity caller = getCallerIdentity(callerPackage); - Preconditions.checkCallAuthorization( - isProfileOwner(caller) || isDefaultDeviceOwner(caller)); + if (isPermissionCheckFlagEnabled()) { + enforceCanQuery( + MANAGE_DEVICE_POLICY_STATUS_BAR, caller.getPackageName(), caller.getUserId()); + } else { + Preconditions.checkCallAuthorization( + isProfileOwner(caller) || isDefaultDeviceOwner(caller)); + } int userId = caller.getUserId(); synchronized (getLockObject()) { - Preconditions.checkCallAuthorization(isUserAffiliatedWithDeviceLocked(userId), - "Admin " + callerPackage - + " is neither the device owner or affiliated user's profile owner."); - if (isManagedProfile(userId)) { - throw new SecurityException("Managed profile cannot disable status bar"); + if (!isPermissionCheckFlagEnabled()) { + Preconditions.checkCallAuthorization(isUserAffiliatedWithDeviceLocked(userId), + "Admin " + callerPackage + + " is neither the device owner or affiliated user's profile owner."); + if (isManagedProfile(userId)) { + throw new SecurityException("Managed profile cannot disable status bar"); + } } DevicePolicyData policy = getUserData(userId); return policy.mStatusBarDisabled; @@ -22831,7 +22840,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { MANAGE_DEVICE_POLICY_PROFILE_INTERACTION, MANAGE_DEVICE_POLICY_SAFE_BOOT, MANAGE_DEVICE_POLICY_SMS, - MANAGE_DEVICE_POLICY_STATUS_BAR, MANAGE_DEVICE_POLICY_SYSTEM_DIALOGS, MANAGE_DEVICE_POLICY_USB_FILE_TRANSFER, MANAGE_DEVICE_POLICY_USERS, @@ -22852,7 +22860,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { * All the additional permissions granted to a Profile Owner on an affiliated user. */ private static final List<String> ADDITIONAL_AFFILIATED_PROFILE_OWNER_ON_USER_PERMISSIONS = - List.of(); + List.of( + MANAGE_DEVICE_POLICY_STATUS_BAR + ); /** * Combination of {@link PROFILE_OWNER_PERMISSIONS} and |