Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Grant Device ID access to PO/DO delegates

Browse Source 
Let the delegated certificate installer access device identifiers
(serial number, IMEI, meid) via the standard platform APIs.

This makes sense since the DO/PO can already access Device IDs and
there's no technical barrier from the DO/PO to send the Device IDs to
the app it nominated as the delegate.

To make things simpler for the delegate and DPC, let the delegate access
the Device IDs directly.

Bug: 120616022
Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.MixedDeviceOwnerTest#testDelegatedCertInstallerDirectly
Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testDelegatedCertInstallerDirectly
Change-Id: I0c996eeb0d35e99821ca3dcfe1afda01cd5ceb2f
This commit is contained in:
Eran Messeri
2019-01-29 11:04:06 +00:00
parent db19aa43d0
commit 8f2c1913dd
1 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
View File

@@ -8364,16 +8364,22 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
!= PackageManager.PERMISSION_GRANTED) {
return false;
}
// Allow access to the device owner.
// Allow access to the device owner or delegate cert installer.
ComponentName deviceOwner = getDeviceOwnerComponent(true);
if (deviceOwner != null && deviceOwner.getPackageName().equals(packageName)) {
if (deviceOwner != null && (deviceOwner.getPackageName().equals(packageName)
|| isCallerDelegate(packageName, uid, DELEGATION_CERT_INSTALL))) {
return true;
}
// Allow access to the profile owner for the specified user.
// Allow access to the profile owner for the specified user, or delegate cert installer
ComponentName profileOwner = getProfileOwnerAsUser(userHandle);
if (profileOwner != null && profileOwner.getPackageName().equals(packageName)) {
if (profileOwner != null && (profileOwner.getPackageName().equals(packageName)
|| isCallerDelegate(packageName, uid, DELEGATION_CERT_INSTALL))) {
return true;
}
Log.w(LOG_TAG, String.format("Package if %s (uid=%d, pid=%d) cannot access Device IDs",
packageName, uid, pid));
return false;
}