From e3b676763f0889c3f3202ca7dab94f927a24ad1f Mon Sep 17 00:00:00 2001
From: "insight.lee" <insight.lee@lge.com>
Date: Mon, 8 May 2017 16:10:12 +0900
Subject: [PATCH] Allow ManagedProvisioning to silently uninstall apps

1. During device owner provisioning, ManagedProvisioning uninstalls
non-required apps. Apps to remove are all system apps in the reference
device. On the other hand, OEM devices have several non system apps,
so ManagedProvisioning can not uninstall them and can not complete
device owner provisioning permarnently.

2. This commit allows ManagedProvisioning having
MANAGE_PROFILE_AND_DEVICE_OWNERS permission to uninstall non-required
apps silently.

Bug: 37681141

Test: manual

Signed-off-by : Sungmin Lee <insight.lee@lge.com>

Change-Id: I201b070f4bcf453a2ffb391600853c7e595aec5d
---
 .../com/android/server/pm/PackageManagerService.java     | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 35cc526992700..27de4ac56b0c3 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -18,6 +18,7 @@ package com.android.server.pm;
 
 import static android.Manifest.permission.DELETE_PACKAGES;
 import static android.Manifest.permission.INSTALL_PACKAGES;
+import static android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS;
 import static android.Manifest.permission.READ_EXTERNAL_STORAGE;
 import static android.Manifest.permission.REQUEST_DELETE_PACKAGES;
 import static android.Manifest.permission.WRITE_EXTERNAL_STORAGE;
@@ -18333,6 +18334,14 @@ public class PackageManagerService extends IPackageManager.Stub
                 callingUid == getPackageUid(mStorageManagerPackage, 0, callingUserId)) {
             return true;
         }
+
+        // Allow caller having MANAGE_PROFILE_AND_DEVICE_OWNERS permission to silently
+        // uninstall for device owner provisioning.
+        if (checkUidPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS, callingUid)
+                == PERMISSION_GRANTED) {
+            return true;
+        }
+
         return false;
     }