The profile owner shouldn't control lock task

Since managed profiles are started on bootup, the managed profile would be allowed to set an app (possibly itself) as a lock task app and then run itself on bootup and constantly control the device. This privelege should be restricted to device owners. Change-Id: I4a93aabd6054cbe75076ef0517fce03ffa74dc93
2014-06-24 11:12:42 -04:00
parent 9e58b3c61c
commit c5185f2bf1
2 changed files with 5 additions and 7 deletions
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -2349,7 +2349,7 @@ public class DevicePolicyManager {
     * <p>Any packages that shares uid with an allowed package will also be allowed
     * to activate lock task.
     *
-     * This function can only be called by the device owner or the profile owner.
+     * This function can only be called by the device owner.
     * @param packages The list of packages allowed to enter lock task mode
     *
     * @see Activity#startLockTask()
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -3732,7 +3732,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
    /**
     * Sets which packages may enter lock task mode.
     *
-     * This function can only be called by the device owner or the profile owner.
+     * This function can only be called by the device owner.
     * @param components The list of components allowed to enter lock task mode.
     */
    public void setLockTaskPackages(String[] packages) throws SecurityException {
@@ -3741,15 +3741,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
        String[] packageNames = mContext.getPackageManager().getPackagesForUid(uid);

        synchronized (this) {
-            // Check whether any of the package name is the device owner or the profile owner.
+            // Check whether any of the package name is the device owner.
            for (int i=0; i<packageNames.length; i++) {
                String packageName = packageNames[i];
                int userHandle = UserHandle.getUserId(uid);
-                String profileOwnerPackage = getProfileOwner(userHandle);
-                if (isDeviceOwner(packageName) ||
-                    (profileOwnerPackage != null && profileOwnerPackage.equals(packageName))) {
+                if (isDeviceOwner(packageName)) {

-                    // If a package name is the device owner or the profile owner,
+                    // If a package name is the device owner,
                    // we update the component list.
                    DevicePolicyData policy = getUserData(userHandle);
                    policy.mLockTaskPackages.clear();