OSDN Git Service

(root) / android-x86 / frameworks-base.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b5e7bbe)
[RESTRICT AUTOMERGE] Added missing permission check to isPackageDeviceAdminOnAnyUser.
authorBryan Ferris <bferris@google.com>
Thu, 4 Apr 2019 22:18:52 +0000 (15:18 -0700)
committerBryan Ferris <bferris@google.com>
Thu, 4 Apr 2019 22:23:45 +0000 (15:23 -0700)
Added a check for the MANAGE_USERS permission to
PackageManagerService#isPackageDeviceAdminOnAnyUser.

Test: Modify the settings app to log the call attempt and follow the
steps below

In order to work around the limitations of N builds we needed to modify
the settings app to log the call attempt. This is described in detail at
b/128599183#comment15

Bug: 128599183
Change-Id: Ie96c8e174983f61574f12d5d4b210d06377054e5

services/core/java/com/android/server/pm/PackageManagerService.java patch | blob | history

diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 9493074..478ee29 100644 (file)
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -15637,6 +15637,13 @@ public class PackageManagerService extends IPackageManager.Stub {
 
     @Override
     public boolean isPackageDeviceAdminOnAnyUser(String packageName) {
+        final int callingUid = Binder.getCallingUid();
+        if (checkUidPermission(android.Manifest.permission.MANAGE_USERS, callingUid)
+                != PERMISSION_GRANTED) {
+            EventLog.writeEvent(0x534e4554, "128599183", -1, "");
+            throw new SecurityException(android.Manifest.permission.MANAGE_USERS
+                    + " permission is required to call this API");
+        }
         return isPackageDeviceAdmin(packageName, UserHandle.USER_ALL);
     }
 
frameworks/base
About OSDN
Find Software
Develop Software
Help