-rw-r--r--core/java/android/app/admin/DevicePolicyManager.java5
-rw-r--r--core/java/android/app/admin/IDevicePolicyManager.aidl2
-rw-r--r--services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java8
3 files changed, 11 insertions, 4 deletions
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index a1dd5a4b60ce..90d96160053c 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -10335,11 +10335,14 @@ public class DevicePolicyManager {
* @return the current credential manager policy if null then this policy has not been
* configured.
*/
+ @UserHandleAware(
+ enabledSinceTargetSdkVersion = UPSIDE_DOWN_CAKE,
+ requiresPermissionIfNotCaller = INTERACT_ACROSS_USERS)
public @Nullable PackagePolicy getCredentialManagerPolicy() {
throwIfParentInstance("getCredentialManagerPolicy");
if (mService != null) {
try {
- return mService.getCredentialManagerPolicy();
+ return mService.getCredentialManagerPolicy(myUserId());
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
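Review bot: The Javadoc above `getCredentialManagerPolicy()` (only its tail is visible at the top of this hunk) does not say which user's policy is returned or that a permission may be required, although the method now passes `myUserId()` and carries `requiresPermissionIfNotCaller = INTERACT_ACROSS_USERS`. I would add a sentence such as `Returns the policy of the user this manager's context belongs to; if that is not the calling user, the caller must hold INTERACT_ACROSS_USERS.` and a matching `@throws SecurityException` line. The existing `@return` text would also read better as `the current credential manager policy, or {@code null} if no policy has been configured`. The method body continues past the end of the hunk.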
diff --git a/core/java/android/app/admin/IDevicePolicyManager.aidl b/core/java/android/app/admin/IDevicePolicyManager.aidl
index beb452cf2cfa..ca1d8ab4e5c0 100644
--- a/core/java/android/app/admin/IDevicePolicyManager.aidl
+++ b/core/java/android/app/admin/IDevicePolicyManager.aidl
@@ -346,7 +346,7 @@ interface IDevicePolicyManager {
boolean hasManagedProfileCallerIdAccess(int userId, String packageName);
void setCredentialManagerPolicy(in PackagePolicy policy);
- PackagePolicy getCredentialManagerPolicy();
+ PackagePolicy getCredentialManagerPolicy(int userId);
void setManagedProfileContactsAccessPolicy(in PackagePolicy policy);
PackagePolicy getManagedProfileContactsAccessPolicy();
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 6885a89c507e..ecd3fdb3d460 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -16745,16 +16745,20 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
}
@Override
- public PackagePolicy getCredentialManagerPolicy() {
+ public PackagePolicy getCredentialManagerPolicy(int userId) {
if (!mHasFeature) {
return null;
}
final CallerIdentity caller = getCallerIdentity();
Preconditions.checkCallAuthorization(
canWriteCredentialManagerPolicy(caller) || canQueryAdminPolicy(caller));
+ if (userId != caller.getUserId()) {
+ Preconditions.checkCallAuthorization(
+ hasCallingOrSelfPermission(permission.INTERACT_ACROSS_USERS));
+ }
synchronized (getLockObject()) {
- ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller.getUserId());
+ ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(userId);
return (admin != null) ? admin.mCredentialManagerPolicy : null;
}
}
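Review bot: The new `userId` argument reaches `getProfileOwnerOrDeviceOwnerLocked(userId)` without validation, so negative or special pseudo user ids are handled only by whatever that lookup happens to do. A guard such as `Preconditions.checkArgumentNonnegative(userId, "Invalid userId");` ahead of the authorization checks would make the contract explicit. The first check, `canWriteCredentialManagerPolicy(caller) || canQueryAdminPolicy(caller)`, is still evaluated for the caller's own user while the returned policy belongs to `userId`, so the added `INTERACT_ACROSS_USERS` branch is the only gate on reading another user's policy. A one-line comment stating that this is intended would help later reviewers. It is also worth confirming whether a caller holding only `INTERACT_ACROSS_USERS_FULL` is meant to be rejected here, as the branch reads.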