diff options
| -rw-r--r-- | services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java | 38 |
1 files changed, 24 insertions, 14 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index 7e5d5aae06e4..279272fd0b35 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -15467,11 +15467,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { int userId = caller.getUserId(); synchronized (getLockObject()) { - Preconditions.checkCallAuthorization(isUserAffiliatedWithDeviceLocked(userId), - "Admin " + who - + " is neither the device owner or affiliated user's profile owner."); - if (isManagedProfile(userId)) { - throw new SecurityException("Managed profile cannot disable status bar"); + if (!isPermissionCheckFlagEnabled()) { + Preconditions.checkCallAuthorization(isUserAffiliatedWithDeviceLocked(userId), + "Admin " + who + " is neither the device owner or affiliated " + + "user's profile owner."); + if (isManagedProfile(userId)) { + throw new SecurityException("Managed profile cannot disable status bar"); + } } checkCanExecuteOrThrowUnsafe(DevicePolicyManager.OPERATION_SET_STATUS_BAR_DISABLED); @@ -15524,16 +15526,23 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { @Override public boolean isStatusBarDisabled(String callerPackage) { final CallerIdentity caller = getCallerIdentity(callerPackage); - Preconditions.checkCallAuthorization( - isProfileOwner(caller) || isDefaultDeviceOwner(caller)); + if (isPermissionCheckFlagEnabled()) { + enforceCanQuery( + MANAGE_DEVICE_POLICY_STATUS_BAR, caller.getPackageName(), caller.getUserId()); + } else { + Preconditions.checkCallAuthorization( + isProfileOwner(caller) || isDefaultDeviceOwner(caller)); + } int userId = caller.getUserId(); synchronized (getLockObject()) { - Preconditions.checkCallAuthorization(isUserAffiliatedWithDeviceLocked(userId), - "Admin " + callerPackage - + " is neither the device owner or affiliated user's profile owner."); - if (isManagedProfile(userId)) { - throw new SecurityException("Managed profile cannot disable status bar"); + if (!isPermissionCheckFlagEnabled()) { + Preconditions.checkCallAuthorization(isUserAffiliatedWithDeviceLocked(userId), + "Admin " + callerPackage + + " is neither the device owner or affiliated user's profile owner."); + if (isManagedProfile(userId)) { + throw new SecurityException("Managed profile cannot disable status bar"); + } } DevicePolicyData policy = getUserData(userId); return policy.mStatusBarDisabled; @@ -22796,7 +22805,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { MANAGE_DEVICE_POLICY_PROFILE_INTERACTION, MANAGE_DEVICE_POLICY_SAFE_BOOT, MANAGE_DEVICE_POLICY_SMS, - MANAGE_DEVICE_POLICY_STATUS_BAR, MANAGE_DEVICE_POLICY_SYSTEM_DIALOGS, MANAGE_DEVICE_POLICY_USB_FILE_TRANSFER, MANAGE_DEVICE_POLICY_USERS, @@ -22817,7 +22825,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { * All the additional permissions granted to a Profile Owner on an affiliated user. */ private static final List<String> ADDITIONAL_AFFILIATED_PROFILE_OWNER_ON_USER_PERMISSIONS = - List.of(); + List.of( + MANAGE_DEVICE_POLICY_STATUS_BAR + ); /** * Combination of {@link PROFILE_OWNER_PERMISSIONS} and |