summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java5
1 files changed, 4 insertions, 1 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 675ebd3ddd60..dedc0734cd04 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -10748,7 +10748,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
@VisibleForTesting
boolean hasDeviceIdAccessUnchecked(String packageName, int uid) {
final int userId = UserHandle.getUserId(uid);
- if (isPermissionCheckFlagEnabled()) {
+ // TODO(b/280048070): Introduce a permission to handle device ID access
+ if (isPermissionCheckFlagEnabled()
+ && !(isUidProfileOwnerLocked(uid) || isUidDeviceOwnerLocked(uid))) {
return hasPermission(MANAGE_DEVICE_POLICY_CERTIFICATES, packageName, userId);
} else {
ComponentName deviceOwner = getDeviceOwnerComponent(true);
@@ -22930,6 +22932,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
MANAGE_DEVICE_POLICY_LOCATION,
MANAGE_DEVICE_POLICY_LOCK,
MANAGE_DEVICE_POLICY_LOCK_CREDENTIALS,
+ MANAGE_DEVICE_POLICY_CERTIFICATES,
MANAGE_DEVICE_POLICY_NEARBY_COMMUNICATION,
MANAGE_DEVICE_POLICY_ORGANIZATION_IDENTITY,
MANAGE_DEVICE_POLICY_PACKAGE_STATE,
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-11-21 15:05:18 +0000