OSDN Git Service

(root) / android-x86 / frameworks-base.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7157c2c)
Don't always transfer device owner status to other users.
authorNicolas Prevot <nprevot@google.com>
Tue, 28 Jul 2015 19:41:12 +0000 (20:41 +0100)
committerRubin Xu <rubinxu@google.com>
Fri, 31 Jul 2015 08:32:15 +0000 (09:32 +0100)
A device owner cannot use device or profile owner policies on
other users unless it is profile owner there. Also limit device
initializer to system apps only.

Bug: 21800830
Change-Id: Ie1abbd891945b91b17ecdf7f73ba93aaa19819be

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java patch | blob | history

diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 5d05f32..0f85af6 100644 (file)
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -1277,11 +1277,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                 && !hasUserSetupCompleted(userId);
 
         if (reqPolicy == DeviceAdminInfo.USES_POLICY_DEVICE_OWNER) {
-            if (ownsDevice || (userId == UserHandle.USER_OWNER && ownsInitialization)) {
+            if ((userId == UserHandle.USER_OWNER && (ownsDevice || ownsInitialization))
+                    || (ownsDevice && ownsProfile)) {
                 return true;
             }
         } else if (reqPolicy == DeviceAdminInfo.USES_POLICY_PROFILE_OWNER) {
-            if (ownsDevice || ownsProfile || ownsInitialization) {
+            if ((userId == UserHandle.USER_OWNER && ownsDevice) || ownsProfile
+                    || ownsInitialization) {
                 return true;
             }
         } else {
@@ -4236,6 +4238,17 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
             throw new IllegalArgumentException("Invalid component name " + initializer
                     + " for device initializer");
         }
+        boolean isInitializerSystemApp;
+        try {
+            isInitializerSystemApp = isSystemApp(AppGlobals.getPackageManager(),
+                    initializer.getPackageName(), Binder.getCallingUserHandle().getIdentifier());
+        } catch (RemoteException | IllegalArgumentException e) {
+            isInitializerSystemApp = false;
+            Slog.e(LOG_TAG, "Fail to check if device initialzer is system app.", e);
+        }
+        if (!isInitializerSystemApp) {
+            throw new IllegalArgumentException("Only system app can be set as device initializer.");
+        }
         synchronized (this) {
             enforceCanSetDeviceInitializer(who);
 
frameworks/base
About OSDN
Find Software
Develop Software
Help