Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0b80fb29 authored by Tony Mak's avatar Tony Mak Committed by android-build-merger
Browse files

Merge "DPC should not be allowed to grant development permission" into oc-dev am: 5e4b2b15 

am: f1aea743

Change-Id: I80e7885580b9ac17eaf8d7f232684b357b1c84da
parents 05c679e9 f1aea743

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+15 −0
Original line number Diff line number Diff line
@@ -99,6 +99,7 @@ import android.content.pm.PackageManager; 
import android.content.pm.PackageManager.NameNotFoundException;

import android.content.pm.PackageManagerInternal;

import android.content.pm.ParceledListSlice;

import android.content.pm.PermissionInfo;

import android.content.pm.ResolveInfo;

import android.content.pm.ServiceInfo;

import android.content.pm.StringParceledListSlice;
@@ -152,6 +153,7 @@ import android.telephony.TelephonyManager; 
import android.text.TextUtils;

import android.util.ArrayMap;

import android.util.ArraySet;

import android.util.EventLog;

import android.util.Log;

import android.util.Pair;

import android.util.Slog;
@@ -9590,6 +9592,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
                        < android.os.Build.VERSION_CODES.M) {

                    return false;

                }

                if (!isRuntimePermission(permission)) {

                    EventLog.writeEvent(0x534e4554, "62623498", user.getIdentifier(), "");

                    return false;

                }

                final PackageManager packageManager = mInjector.getPackageManager();

                switch (grantState) {

                    case DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED: {
@@ -9616,6 +9622,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
                return true;

            } catch (SecurityException se) {

                return false;

            } catch (NameNotFoundException e) {

                return false;

            } finally {

                mInjector.binderRestoreCallingIdentity(ident);

            }
@@ -9665,6 +9673,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
        }

    }



    public boolean isRuntimePermission(String permissionName) throws NameNotFoundException {

        final PackageManager packageManager = mInjector.getPackageManager();

        PermissionInfo permissionInfo = packageManager.getPermissionInfo(permissionName, 0);

        return (permissionInfo.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE)

                == PermissionInfo.PROTECTION_DANGEROUS;

    }



    @Override

    public boolean isProvisioningAllowed(String action, String packageName) {

        Preconditions.checkNotNull(packageName);