Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0bc24f62 authored by Eran Messeri's avatar Eran Messeri
Browse files

Device ID attestation for Corp-owned Profile Owner: follow-up 

A small clean-up CL to follow-up on two comments from the original
review:
* Remove the new permission from privapp-permissions-platform.xml as it
is a signature-level permission, not a privileged premission, and as
such does not need to be in that file.
* Do not store the grant state if it's set to false - since the
de-serialization code will only care if there's a "true" value stored.

Bug: 111335970
Test: Manual
Test: atest FrameworksServicesTests:DevicePolicyManagerTest
Test: atest com.android.cts.devicepolicy.MixedProfileOwnerTest#testKeyManagement
Test: atest com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testKeyManagement
Test: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement
Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testDeviceIdAttestationForProfileOwner
Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testDelegatedCertInstallerDeviceIdAttestation
Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.MixedDeviceOwnerTest#testDelegatedCertInstallerDeviceIdAttestation
Change-Id: I8b570220f5652846fccc53b5e4daaa57f89eb824
parent 960bde36

data/etc/privapp-permissions-platform.xml

+0 −1
Original line number Diff line number Diff line
@@ -91,7 +91,6 @@ applications that come with the platform 
        <permission name="android.permission.CONNECTIVITY_INTERNAL"/>

        <permission name="android.permission.CRYPT_KEEPER"/>

        <permission name="android.permission.DELETE_PACKAGES"/>

        <permission name="android.permission.GRANT_PROFILE_OWNER_DEVICE_IDS_ACCESS"/>

        <permission name="android.permission.INSTALL_PACKAGES"/>

        <permission name="android.permission.INTERACT_ACROSS_USERS"/>

        <permission name="android.permission.MANAGE_DEVICE_ADMINS"/>

services/devicepolicy/java/com/android/server/devicepolicy/Owners.java

+4 −2
Original line number Diff line number Diff line
@@ -969,8 +969,10 @@ class Owners { 
            if (remoteBugreportHash != null) {

                out.attribute(null, ATTR_REMOTE_BUGREPORT_HASH, remoteBugreportHash);

            }

            if (canAccessDeviceIds) {

                out.attribute(null, ATTR_CAN_ACCESS_DEVICE_IDS,

                        String.valueOf(canAccessDeviceIds));

            }

            out.endTag(null, tag);

        }