The previously used permission was doing double duty as the permission
that device admins to check for to ensure that calls are coming from valid
system components.
MANAGE_DEVICE_ADMINS is system|signature and is now required to add/remove
device admins.
Required for:
Bug:
9856348
Change-Id: I64385d2ec734c3957af21b5a5d9cffd8a3bcd299
field public static final java.lang.String LOCATION_HARDWARE = "android.permission.LOCATION_HARDWARE";
field public static final java.lang.String MANAGE_ACCOUNTS = "android.permission.MANAGE_ACCOUNTS";
field public static final java.lang.String MANAGE_APP_TOKENS = "android.permission.MANAGE_APP_TOKENS";
+ field public static final java.lang.String MANAGE_DEVICE_ADMINS = "android.permission.MANAGE_DEVICE_ADMINS";
field public static final java.lang.String MANAGE_DOCUMENTS = "android.permission.MANAGE_DOCUMENTS";
field public static final java.lang.String MASTER_CLEAR = "android.permission.MASTER_CLEAR";
field public static final java.lang.String MODIFY_AUDIO_SETTINGS = "android.permission.MODIFY_AUDIO_SETTINGS";
android:description="@string/permdesc_bindDeviceAdmin"
android:protectionLevel="signature" />
+ <!-- Required to add or remove another application as a device admin.
+ <p/>Not for use by third-party apps. -->
+ <permission android:name="android.permission.MANAGE_DEVICE_ADMINS"
+ android:label="@string/permlab_manageDeviceAdmins"
+ android:description="@string/permdesc_manageDeviceAdmins"
+ android:protectionLevel="signature|system" />
+
<!-- Allows low-level access to setting the orientation (actually
rotation) of the screen.
<p>Not for use by third-party applications. -->
a device administrator. Should never be needed for normal apps.</string>
<!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+ <string name="permlab_manageDeviceAdmins">add or remove a device admin</string>
+ <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+ <string name="permdesc_manageDeviceAdmins">Allows the holder to add or remove active device
+ administrators. Should never be needed for normal apps.</string>
+
+ <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
<string name="permlab_setOrientation">change screen orientation</string>
<!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
<string name="permdesc_setOrientation">Allows the app to change
<uses-permission android:name="android.permission.WRITE_SECURE_SETTINGS" />
<uses-permission android:name="android.permission.BIND_APPWIDGET" />
<uses-permission android:name="android.permission.INTERNAL_SYSTEM_WINDOW" />
+ <uses-permission android:name="android.permission.MANAGE_DEVICE_ADMINS" />
<uses-permission android:name="android.permission.BIND_DEVICE_ADMIN" />
<uses-permission android:name="android.permission.CHANGE_COMPONENT_ENABLED_STATE" />
*/
public void setActiveAdmin(ComponentName adminReceiver, boolean refreshing, int userHandle) {
mContext.enforceCallingOrSelfPermission(
- android.Manifest.permission.BIND_DEVICE_ADMIN, null);
+ android.Manifest.permission.MANAGE_DEVICE_ADMINS, null);
enforceCrossUserPermission(userHandle);
DevicePolicyData policy = getUserData(userHandle);
return;
}
mContext.enforceCallingOrSelfPermission(
- android.Manifest.permission.BIND_DEVICE_ADMIN, null);
+ android.Manifest.permission.MANAGE_DEVICE_ADMINS, null);
}
long ident = Binder.clearCallingIdentity();
try {