diff options
| -rw-r--r-- | services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index 94338c8f34e4..8cd803c3f8eb 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -8701,9 +8701,15 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { // Allow access to the profile owner for the specified user, or delegate cert installer // But only if this is an organization-owned device. ComponentName profileOwner = getProfileOwnerAsUser(userId); - if (profileOwner != null && canProfileOwnerAccessDeviceIds(userId) + final boolean isCallerProfileOwnerOrDelegate = profileOwner != null && (profileOwner.getPackageName().equals(packageName) - || isCallerDelegate(packageName, uid, DELEGATION_CERT_INSTALL))) { + || isCallerDelegate(packageName, uid, DELEGATION_CERT_INSTALL)); + if (isCallerProfileOwnerOrDelegate && canProfileOwnerAccessDeviceIds(userId)) { + return true; + } + //TODO(b/130844684): Temporarily allow profile owner on non-organization-owned devices + //to read device identifiers. + if (isCallerProfileOwnerOrDelegate) { return true; } |