diff options
5 files changed, 21 insertions, 24 deletions
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java index 12db71a00938..e2e8049c2980 100644 --- a/core/java/android/app/admin/DevicePolicyManager.java +++ b/core/java/android/app/admin/DevicePolicyManager.java @@ -7000,7 +7000,7 @@ public class DevicePolicyManager { throwIfParentInstance("isProfileOwnerApp"); if (mService != null) { try { - ComponentName profileOwner = mService.getProfileOwnerAsUser(myUserId()); + ComponentName profileOwner = mService.getProfileOwner(myUserId()); return profileOwner != null && profileOwner.getPackageName().equals(packageName); } catch (RemoteException re) { diff --git a/core/java/android/app/admin/IDevicePolicyManager.aidl b/core/java/android/app/admin/IDevicePolicyManager.aidl index 86058d9933df..9c6a274ccf8c 100644 --- a/core/java/android/app/admin/IDevicePolicyManager.aidl +++ b/core/java/android/app/admin/IDevicePolicyManager.aidl @@ -156,6 +156,7 @@ interface IDevicePolicyManager { boolean setProfileOwner(in ComponentName who, String ownerName, int userHandle); ComponentName getProfileOwnerAsUser(int userHandle); + ComponentName getProfileOwner(int userHandle); ComponentName getProfileOwnerOrDeviceOwnerSupervisionComponent(in UserHandle userHandle); String getProfileOwnerName(int userHandle); void setProfileEnabled(in ComponentName who); diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/CertificateMonitor.java b/services/devicepolicy/java/com/android/server/devicepolicy/CertificateMonitor.java index a33a512b3be0..aa38880d6d7d 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/CertificateMonitor.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/CertificateMonitor.java @@ -177,7 +177,7 @@ public class CertificateMonitor { int parentUserId = userHandle.getIdentifier(); - if (mService.getProfileOwnerAsUser(userHandle.getIdentifier()) != null) { + if (mService.getProfileOwner(userHandle.getIdentifier()) != null) { contentText = resources.getString(R.string.ssl_ca_cert_noti_managed, mService.getProfileOwnerName(userHandle.getIdentifier())); smallIconId = R.drawable.stat_sys_certificate_info; diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index 3b6d0b5cdf7f..86e130577ea8 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -4722,7 +4722,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { public boolean isSeparateProfileChallengeAllowed(int userHandle) { enforceSystemCaller("query separate challenge support"); - ComponentName profileOwner = getProfileOwnerAsUser(userHandle); + ComponentName profileOwner = getProfileOwner(userHandle); // Profile challenge is supported on N or newer release. return profileOwner != null && getTargetSdk(profileOwner.getPackageName(), userHandle) > Build.VERSION_CODES.M; @@ -6637,7 +6637,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { final UserHandle caller = mInjector.binderGetCallingUserHandle(); // If there is a profile owner, redirect to that; otherwise query the device owner. - ComponentName aliasChooser = getProfileOwnerAsUser(caller.getIdentifier()); + ComponentName aliasChooser = getProfileOwner(caller.getIdentifier()); if (aliasChooser == null && caller.isSystem()) { synchronized (getLockObject()) { final ActiveAdmin deviceOwnerAdmin = getDeviceOwnerAdminLocked(); @@ -8759,7 +8759,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } public boolean isProfileOwner(ComponentName who, int userId) { - final ComponentName profileOwner = getProfileOwnerAsUser(userId); + final ComponentName profileOwner = getProfileOwner(userId); return who != null && who.equals(profileOwner); } @@ -9317,10 +9317,16 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { @Override public ComponentName getProfileOwnerAsUser(int userHandle) { + enforceCrossUsersPermission(userHandle); + + return getProfileOwner(userHandle); + } + + @Override + public ComponentName getProfileOwner(int userHandle) { if (!mHasFeature) { return null; } - enforceCrossUsersPermission(userHandle); synchronized (getLockObject()) { return mOwners.getProfileOwnerComponent(userHandle); } @@ -9363,9 +9369,9 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { return mInjector.binderWithCleanCallingIdentity(() -> { for (UserInfo userInfo : mUserManager.getProfiles(userHandle)) { if (userInfo.isManagedProfile()) { - if (getProfileOwnerAsUser(userInfo.id) != null + if (getProfileOwner(userInfo.id) != null && isProfileOwnerOfOrganizationOwnedDevice(userInfo.id)) { - ComponentName who = getProfileOwnerAsUser(userInfo.id); + ComponentName who = getProfileOwner(userInfo.id); return getActiveAdminUncheckedLocked(who, userInfo.id); } } @@ -9405,7 +9411,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { return null; } enforceManageUsers(); - ComponentName profileOwner = getProfileOwnerAsUser(userHandle); + ComponentName profileOwner = getProfileOwner(userHandle); if (profileOwner == null) { return null; } @@ -9802,7 +9808,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { return false; } - final ComponentName profileOwner = getProfileOwnerAsUser(userId); + final ComponentName profileOwner = getProfileOwner(userId); if (profileOwner == null) { return false; } @@ -13419,7 +13425,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { // Managed-profiles cannot be setup on the system user. return CODE_SPLIT_SYSTEM_USER_DEVICE_SYSTEM_USER; } - if (getProfileOwnerAsUser(callingUserId) != null) { + if (getProfileOwner(callingUserId) != null) { // Managed user cannot have a managed profile. return CODE_USER_HAS_PROFILE_OWNER; } @@ -14073,7 +14079,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { return true; } - final ComponentName profileOwner = getProfileOwnerAsUser(userId); + final ComponentName profileOwner = getProfileOwner(userId); if (profileOwner == null) { return false; } @@ -14283,7 +14289,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { enforceUserUnlocked(userId); - final ComponentName profileOwner = getProfileOwnerAsUser(userId); + final ComponentName profileOwner = getProfileOwner(userId); if (profileOwner != null && packageName.equals(profileOwner.getPackageName())) { throw new IllegalArgumentException("Cannot uninstall a package with a profile owner"); } @@ -15819,7 +15825,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { final List<ActiveAdmin> admins = new ArrayList<>(); int[] users = mUserManager.getProfileIdsWithDisabled(UserHandle.getCallingUserId()); for (int i = 0; i < users.length; i++) { - final ComponentName componentName = getProfileOwnerAsUser(users[i]); + final ComponentName componentName = getProfileOwner(users[i]); if (componentName != null) { ActiveAdmin admin = getActiveAdminUncheckedLocked(componentName, users[i]); if (admin != null) { diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java index 82c23e5051c9..daaabf8141ff 100644 --- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java +++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java @@ -666,7 +666,6 @@ public class DevicePolicyManagerTest extends DpmTestBase { */ public void testRemoveActiveAdmin_fromDifferentUserWithINTERACT_ACROSS_USERS_FULL() { mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS); - mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS); // Add admin1. @@ -2685,7 +2684,6 @@ public class DevicePolicyManagerTest extends DpmTestBase { mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS); mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS); mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL); - mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS); // Check that the system user is unaffiliated. mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID; @@ -4222,8 +4220,6 @@ public class DevicePolicyManagerTest extends DpmTestBase { } public void testGetBindDeviceAdminTargetUsers() throws Exception { - mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS); - // Setup device owner. mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID; setupDeviceOwner(); @@ -6055,7 +6051,6 @@ public class DevicePolicyManagerTest extends DpmTestBase { } public void testGetAllCrossProfilePackages_notSet_returnsEmpty() throws Exception { - mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS); addManagedProfile(admin1, mServiceContext.binder.callingUid, admin1); mContext.packageName = admin1.getPackageName(); @@ -6067,7 +6062,6 @@ public class DevicePolicyManagerTest extends DpmTestBase { public void testGetAllCrossProfilePackages_notSet_dpmsReinitialized_returnsEmpty() throws Exception { - mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS); addManagedProfile(admin1, mServiceContext.binder.callingUid, admin1); mContext.packageName = admin1.getPackageName(); @@ -6079,7 +6073,6 @@ public class DevicePolicyManagerTest extends DpmTestBase { } public void testGetAllCrossProfilePackages_whenSet_returnsCombinedSet() throws Exception { - mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS); addManagedProfile(admin1, mServiceContext.binder.callingUid, admin1); final Set<String> packages = Sets.newSet("TEST_PACKAGE", "TEST_COMMON_PACKAGE"); mContext.packageName = admin1.getPackageName(); @@ -6097,7 +6090,6 @@ public class DevicePolicyManagerTest extends DpmTestBase { public void testGetAllCrossProfilePackages_whenSet_dpmsReinitialized_returnsCombinedSet() throws Exception { - mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS); addManagedProfile(admin1, mServiceContext.binder.callingUid, admin1); final Set<String> packages = Sets.newSet("TEST_PACKAGE", "TEST_COMMON_PACKAGE"); mContext.packageName = admin1.getPackageName(); @@ -6269,8 +6261,6 @@ public class DevicePolicyManagerTest extends DpmTestBase { public void testSetAccountTypesWithManagementDisabledOnOrgOwnedManagedProfile() throws Exception { - mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS); - final int managedProfileUserId = 15; final int managedProfileAdminUid = UserHandle.getUid(managedProfileUserId, 19436); |