Grant Device ID access to PO/DO delegates
Let the delegated certificate installer access device identifiers (serial number, IMEI, meid) via the standard platform APIs. This makes sense since the DO/PO can already access Device IDs and there's no technical barrier from the DO/PO to send the Device IDs to the app it nominated as the delegate. To make things simpler for the delegate and DPC, let the delegate access the Device IDs directly. Bug: 120616022 Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.MixedDeviceOwnerTest#testDelegatedCertInstallerDirectly Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testDelegatedCertInstallerDirectly Change-Id: I0c996eeb0d35e99821ca3dcfe1afda01cd5ceb2f
This commit is contained in:
@@ -8364,16 +8364,22 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
|
||||
!= PackageManager.PERMISSION_GRANTED) {
|
||||
return false;
|
||||
}
|
||||
// Allow access to the device owner.
|
||||
|
||||
// Allow access to the device owner or delegate cert installer.
|
||||
ComponentName deviceOwner = getDeviceOwnerComponent(true);
|
||||
if (deviceOwner != null && deviceOwner.getPackageName().equals(packageName)) {
|
||||
if (deviceOwner != null && (deviceOwner.getPackageName().equals(packageName)
|
||||
|| isCallerDelegate(packageName, uid, DELEGATION_CERT_INSTALL))) {
|
||||
return true;
|
||||
}
|
||||
// Allow access to the profile owner for the specified user.
|
||||
// Allow access to the profile owner for the specified user, or delegate cert installer
|
||||
ComponentName profileOwner = getProfileOwnerAsUser(userHandle);
|
||||
if (profileOwner != null && profileOwner.getPackageName().equals(packageName)) {
|
||||
if (profileOwner != null && (profileOwner.getPackageName().equals(packageName)
|
||||
|| isCallerDelegate(packageName, uid, DELEGATION_CERT_INSTALL))) {
|
||||
return true;
|
||||
}
|
||||
|
||||
Log.w(LOG_TAG, String.format("Package if %s (uid=%d, pid=%d) cannot access Device IDs",
|
||||
packageName, uid, pid));
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user