diff options
| -rw-r--r-- | core/java/android/app/admin/DevicePolicyManager.java | 9 | ||||
| -rw-r--r-- | services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java | 9 |
2 files changed, 11 insertions, 7 deletions
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java index 54a64ef3f392..f890b73a1825 100644 --- a/core/java/android/app/admin/DevicePolicyManager.java +++ b/core/java/android/app/admin/DevicePolicyManager.java @@ -8935,7 +8935,8 @@ public class DevicePolicyManager { } /** - * Called by device owners to set a local system update policy. When a new policy is set, + * Called by device owners or profile owners of an organization-owned managed profile to to set + * a local system update policy. When a new policy is set, * {@link #ACTION_SYSTEM_UPDATE_POLICY_CHANGED} is broadcasted. * <p> * If the supplied system update policy has freeze periods set but the freeze periods do not @@ -8953,7 +8954,8 @@ public class DevicePolicyManager { * components in the device owner package can set system update policies and the most * recent policy takes effect. * @param policy the new policy, or {@code null} to clear the current policy. - * @throws SecurityException if {@code admin} is not a device owner. + * @throws SecurityException if {@code admin} is not a device owner or a profile owner of an + * organization-owned managed profile. * @throws IllegalArgumentException if the policy type or maintenance window is not valid. * @throws SystemUpdatePolicy.ValidationFailedException if the policy's freeze period does not * meet the requirement. @@ -11028,7 +11030,8 @@ public class DevicePolicyManager { } /** - * Called by device owner to install a system update from the given file. The device will be + * Called by device owner or profile owner of an organization-owned managed profile to install + * a system update from the given file. The device will be * rebooted in order to finish installing the update. Note that if the device is rebooted, this * doesn't necessarily mean that the update has been applied successfully. The caller should * additionally check the system version with {@link android.os.Build#FINGERPRINT} or {@link diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index fc3c927f8f1b..814b1e6dcf34 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -12040,7 +12040,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { LocalDate.now()); } synchronized (getLockObject()) { - getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); + getActiveAdminForCallerLocked(who, + DeviceAdminInfo.USES_POLICY_ORGANIZATION_OWNED_PROFILE_OWNER); if (policy == null) { mOwners.clearSystemUpdatePolicy(); } else { @@ -12049,9 +12050,9 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } mOwners.writeDeviceOwner(); } - mContext.sendBroadcastAsUser( + mInjector.binderWithCleanCallingIdentity(() -> mContext.sendBroadcastAsUser( new Intent(DevicePolicyManager.ACTION_SYSTEM_UPDATE_POLICY_CHANGED), - UserHandle.SYSTEM); + UserHandle.SYSTEM)); DevicePolicyEventLogger .createEvent(DevicePolicyEnums.SET_SYSTEM_UPDATE_POLICY) .setAdmin(who) @@ -14705,7 +14706,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { .setAdmin(admin) .setBoolean(isDeviceAB()) .write(); - enforceDeviceOwner(admin); + enforceDeviceOwnerOrProfileOwnerOnOrganizationOwnedDevice(admin); mInjector.binderWithCleanCallingIdentity(() -> { UpdateInstaller updateInstaller; if (isDeviceAB()) { |