
Commit 0423b8f7 authored by Edman Anjos's avatar Edman Anjos

Fix is installed check condition in DevicePolicyManagerService

DPMS#setDelegatedScopes generally enforces that the delegate is installed on
the device, but this check should be skipped for DELEGATION_CERT_INSTALL
scopes on pre-N. The check is also skipped when clearing delegations on
pre-N. The check was extracted to a separate function for clarity.

Bug: 35234284
Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.ProfileOwnerTestApi23#testDelegatedCertInstaller
Change-Id: Ib723b58243f901af907e368017b1ae0bb101360d
parent e20e7ebb
+28 −4
@@ -4874,6 +4874,28 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
        }.execute();
    }

    /**
     * Determine whether DPMS should check if a delegate package is already installed before
     * granting it new delegations via {@link #setDelegatedScopes}.
     */
    private static boolean shouldCheckIfDelegatePackageIsInstalled(String delegatePackage,
            int targetSdk, List<String> scopes) {
        // 1) Never skip is installed check from N.
        if (targetSdk >= Build.VERSION_CODES.N) {
            return true;
        }
        // 2) Skip if DELEGATION_CERT_INSTALL is the only scope being given.
        if (scopes.size() == 1 && scopes.get(0).equals(DELEGATION_CERT_INSTALL)) {
            return false;
        }
        // 3) Skip if all previously granted scopes are being cleared.
        if (scopes.isEmpty()) {
            return false;
        }
        // Otherwise it should check that delegatePackage is installed.
        return true;
    }

    /**
     * Set the scopes of a device owner or profile owner delegate.
     *
@@ -4900,8 +4922,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
            // Ensure calling process is device/profile owner.
            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
            // Ensure the delegate is installed (skip this for DELEGATION_CERT_INSTALL in pre-N).
            if (scopes.size() == 1 && scopes.get(0).equals(DELEGATION_CERT_INSTALL) ||
                    getTargetSdk(who.getPackageName(), userId) >= Build.VERSION_CODES.N) {
            if (shouldCheckIfDelegatePackageIsInstalled(delegatePackage,
                        getTargetSdk(who.getPackageName(), userId), scopes)) {
                // Throw when the delegate package is not installed.
                if (!isPackageInstalledForUser(delegatePackage, userId)) {
                    throw new IllegalArgumentException("Package " + delegatePackage
@@ -5119,8 +5141,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                final String currentPackage = policy.mDelegationMap.keyAt(i);
                final List<String> currentScopes = policy.mDelegationMap.valueAt(i);

                if (!currentPackage.equals(delegatePackage) && currentScopes.remove(scope)) {
                    setDelegatedScopes(who, currentPackage, currentScopes);
                if (!currentPackage.equals(delegatePackage) && currentScopes.contains(scope)) {
                    final List<String> newScopes = new ArrayList(currentScopes);
                    newScopes.remove(scope);
                    setDelegatedScopes(who, currentPackage, newScopes);
                }
            }
        }
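Review bot: In the first hunk, `shouldCheckIfDelegatePackageIsInstalled` never reads its `delegatePackage` parameter, and its Javadoc does not say that `targetSdk` belongs to the calling admin rather than the delegate (the call site passes `getTargetSdk(who.getPackageName(), userId)`). Either drop the unused parameter or document it, and add `@param targetSdk target SDK of the calling admin package, not of the delegate`. The pre-N branch that returns false for a lone DELEGATION_CERT_INSTALL scope lets a delegation be recorded for a package name that is not installed. The comment on rule 2 should therefore say that this is a legacy-compatibility exception and that, as far as this hunk shows, the grant is then keyed on the package name alone. Rule 3 (empty `scopes`) only removes privileges, and the comment should give that as the reason skipping is safe there.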