From 1a910ef2b40de91e834a5a82d9b75d117a45da04 Mon Sep 17 00:00:00 2001
From: Adam Connors <adamconnors@google.com>
Date: Thu, 5 Jun 2014 10:36:01 +0100
Subject: Allow system process to call getApplicationBlockedAsUser

MDMs in the managed profile needs to be able to call
DPM.isApplicationBlocked without the INTERACT_ACROSS_USERS
permission. DevicePolicyManager checks for appropriate
PROFILE_OWNER permission and then removes callerId, so this
change is needed to prevent a spurious security exception.

Change-Id: Idd1bda6bb234f6cb7cb78a885ae2d7cc5cca4890
---
 .../core/java/com/android/server/pm/PackageManagerService.java    | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index bb9366318578..8585b4e31969 100755
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -7829,13 +7829,9 @@ public class PackageManagerService extends IPackageManager.Stub {
     @Override
     public boolean getApplicationBlockedSettingAsUser(String packageName, int userId) {
         mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MANAGE_USERS, null);
+        enforceCrossUserPermission(Binder.getCallingUid(), userId, true,
+                "getApplicationBlocked for user " + userId);
         PackageSetting pkgSetting;
-        final int uid = Binder.getCallingUid();
-        if (UserHandle.getUserId(uid) != userId) {
-            mContext.enforceCallingPermission(
-                    android.Manifest.permission.INTERACT_ACROSS_USERS_FULL,
-                    "getApplicationBlocked for user " + userId);
-        }
         long callingId = Binder.clearCallingIdentity();
         try {
             // writer
-- 
cgit v1.2.3-59-g8ed1b