Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "DPC should not be allowed to grant development permission" into oc-dev

Browse Source
This commit is contained in:
TreeHugger Robot
2017-09-11 03:22:05 +00:00
committed by Android (Google) Code Review
parent 84aa3f4c81 d05d2bac84
commit 5e4b2b15ec
1 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
View File

@@ -98,6 +98,7 @@ import android.content.pm.PackageManager;
import android.content.pm.PackageManager.NameNotFoundException;
import android.content.pm.PackageManagerInternal;
import android.content.pm.ParceledListSlice;
import android.content.pm.PermissionInfo;
import android.content.pm.ResolveInfo;
import android.content.pm.ServiceInfo;
import android.content.pm.StringParceledListSlice;
@@ -151,6 +152,7 @@ import android.telephony.TelephonyManager;
import android.text.TextUtils;
import android.util.ArrayMap;
import android.util.ArraySet;
import android.util.EventLog;
import android.util.Log;
import android.util.Pair;
import android.util.Slog;
@@ -9543,6 +9545,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
< android.os.Build.VERSION_CODES.M) {
return false;
}
if (!isRuntimePermission(permission)) {
EventLog.writeEvent(0x534e4554, "62623498", user.getIdentifier(), "");
return false;
}
final PackageManager packageManager = mInjector.getPackageManager();
switch (grantState) {
case DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED: {
@@ -9569,6 +9575,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
return true;
} catch (SecurityException se) {
return false;
} catch (NameNotFoundException e) {
return false;
} finally {
mInjector.binderRestoreCallingIdentity(ident);
}
@@ -9618,6 +9626,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
}
}
public boolean isRuntimePermission(String permissionName) throws NameNotFoundException {
final PackageManager packageManager = mInjector.getPackageManager();
PermissionInfo permissionInfo = packageManager.getPermissionInfo(permissionName, 0);
return (permissionInfo.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE)
== PermissionInfo.PROTECTION_DANGEROUS;
}
@Override
public boolean isProvisioningAllowed(String action, String packageName) {
Preconditions.checkNotNull(packageName);