From 57378939c51541166ea670c1ddea963bd04a567e Mon Sep 17 00:00:00 2001 From: Eric Sandness Date: Tue, 27 Mar 2018 13:22:52 +0100 Subject: [PATCH] Permission Check For DPM Get IME API Require the caller of DPM.getPermittedInputMethodsForCurrentUser() to hold the MANAGE_USERS permission. The only callers should be settings apps which already hold this permission. Bug: 62343414 Test: Manage IME list in the Settings app Test: com.google.android.gts.devicepolicy.DeviceOwnerTest#testPermitInputMethods Change-Id: I0d162f8f51d16e403a950ee5d942502c2cf20181 --- core/java/android/app/admin/DevicePolicyManager.java | 1 + .../android/server/devicepolicy/DevicePolicyManagerService.java | 1 + 2 files changed, 2 insertions(+) diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java index 3015398e97ee8..d0d6301335936 100644 --- a/core/java/android/app/admin/DevicePolicyManager.java +++ b/core/java/android/app/admin/DevicePolicyManager.java @@ -6340,6 +6340,7 @@ public class DevicePolicyManager { * @hide */ @SystemApi + @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public @Nullable List getPermittedInputMethodsForCurrentUser() { throwIfParentInstance("getPermittedInputMethodsForCurrentUser"); if (mService != null) { diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index 1e216a3cff867..160016d9625fc 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -8738,6 +8738,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { @Override public List getPermittedInputMethodsForCurrentUser() { + enforceManageUsers(); UserInfo currentUser; try { currentUser = mInjector.getIActivityManager().getCurrentUser();