Loading core/java/android/app/admin/DevicePolicyManager.java +19 −1 Original line number Diff line number Diff line Loading @@ -3193,6 +3193,20 @@ public class DevicePolicyManager { /** * Called by device owners to update {@link Settings.Global} settings. Validation that the value * of the setting is in the correct form for the setting type should be performed by the caller. * <p>The settings that can be updated with this method are: * <ul> * <li>{@link Settings.Global#ADB_ENABLED}</li> * <li>{@link Settings.Global#AUTO_TIME}</li> * <li>{@link Settings.Global#AUTO_TIME_ZONE}</li> * <li>{@link Settings.Global#BLUETOOTH_ON}</li> * <li>{@link Settings.Global#DATA_ROAMING}</li> * <li>{@link Settings.Global#DEVELOPMENT_SETTINGS_ENABLED}</li> * <li>{@link Settings.Global#MODE_RINGER}</li> * <li>{@link Settings.Global#NETWORK_PREFERENCE}</li> * <li>{@link Settings.Global#USB_MASS_STORAGE_ENABLED}</li> * <li>{@link Settings.Global#WIFI_ON}</li> * <li>{@link Settings.Global#WIFI_SLEEP_POLICY}</li> * </ul> * * @param admin Which {@link DeviceAdminReceiver} this request is associated with. * @param setting The name of the setting to update. Loading @@ -3212,7 +3226,11 @@ public class DevicePolicyManager { * Called by profile or device owners to update {@link Settings.Secure} settings. Validation * that the value of the setting is in the correct form for the setting type should be performed * by the caller. * * <p>The settings that can be updated with this method are: * <ul> * <li>{@link Settings.Secure#DEFAULT_INPUT_METHOD}</li> * <li>{@link Settings.Secure#SKIP_FIRST_USE_HINTS}</li> * </ul> * @param admin Which {@link DeviceAdminReceiver} this request is associated with. * @param setting The name of the setting to update. * @param value The value to update the setting to. Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +31 −0 Original line number Diff line number Diff line Loading @@ -167,6 +167,27 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { DEVICE_OWNER_USER_RESTRICTIONS.add(UserManager.DISALLOW_SMS); } private static final Set<String> SECURE_SETTINGS_WHITELIST; private static final Set<String> GLOBAL_SETTINGS_WHITELIST; static { SECURE_SETTINGS_WHITELIST = new HashSet(); SECURE_SETTINGS_WHITELIST.add(Settings.Secure.DEFAULT_INPUT_METHOD); SECURE_SETTINGS_WHITELIST.add(Settings.Secure.SKIP_FIRST_USE_HINTS); GLOBAL_SETTINGS_WHITELIST = new HashSet(); GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.ADB_ENABLED); GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.AUTO_TIME); GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.AUTO_TIME_ZONE); GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.BLUETOOTH_ON); GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.DATA_ROAMING); GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.DEVELOPMENT_SETTINGS_ENABLED); GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.MODE_RINGER); GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.NETWORK_PREFERENCE); GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.USB_MASS_STORAGE_ENABLED); GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.WIFI_ON); GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.WIFI_SLEEP_POLICY); } final Context mContext; final UserManager mUserManager; final PowerManager.WakeLock mWakeLock; Loading Loading @@ -5040,6 +5061,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); if (!GLOBAL_SETTINGS_WHITELIST.contains(setting)) { throw new SecurityException(String.format( "Permission denial: device owners cannot update %1$s", setting)); } long id = Binder.clearCallingIdentity(); try { Settings.Global.putString(contentResolver, setting, value); Loading @@ -5060,6 +5086,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); if (!SECURE_SETTINGS_WHITELIST.contains(setting)) { throw new SecurityException(String.format( "Permission denial: profile/device owners cannot update %1$s", setting)); } long id = Binder.clearCallingIdentity(); try { Settings.Secure.putStringForUser(contentResolver, setting, value, callingUserId); Loading Loading
core/java/android/app/admin/DevicePolicyManager.java +19 −1 Original line number Diff line number Diff line Loading @@ -3193,6 +3193,20 @@ public class DevicePolicyManager { /** * Called by device owners to update {@link Settings.Global} settings. Validation that the value * of the setting is in the correct form for the setting type should be performed by the caller. * <p>The settings that can be updated with this method are: * <ul> * <li>{@link Settings.Global#ADB_ENABLED}</li> * <li>{@link Settings.Global#AUTO_TIME}</li> * <li>{@link Settings.Global#AUTO_TIME_ZONE}</li> * <li>{@link Settings.Global#BLUETOOTH_ON}</li> * <li>{@link Settings.Global#DATA_ROAMING}</li> * <li>{@link Settings.Global#DEVELOPMENT_SETTINGS_ENABLED}</li> * <li>{@link Settings.Global#MODE_RINGER}</li> * <li>{@link Settings.Global#NETWORK_PREFERENCE}</li> * <li>{@link Settings.Global#USB_MASS_STORAGE_ENABLED}</li> * <li>{@link Settings.Global#WIFI_ON}</li> * <li>{@link Settings.Global#WIFI_SLEEP_POLICY}</li> * </ul> * * @param admin Which {@link DeviceAdminReceiver} this request is associated with. * @param setting The name of the setting to update. Loading @@ -3212,7 +3226,11 @@ public class DevicePolicyManager { * Called by profile or device owners to update {@link Settings.Secure} settings. Validation * that the value of the setting is in the correct form for the setting type should be performed * by the caller. * * <p>The settings that can be updated with this method are: * <ul> * <li>{@link Settings.Secure#DEFAULT_INPUT_METHOD}</li> * <li>{@link Settings.Secure#SKIP_FIRST_USE_HINTS}</li> * </ul> * @param admin Which {@link DeviceAdminReceiver} this request is associated with. * @param setting The name of the setting to update. * @param value The value to update the setting to. Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +31 −0 Original line number Diff line number Diff line Loading @@ -167,6 +167,27 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { DEVICE_OWNER_USER_RESTRICTIONS.add(UserManager.DISALLOW_SMS); } private static final Set<String> SECURE_SETTINGS_WHITELIST; private static final Set<String> GLOBAL_SETTINGS_WHITELIST; static { SECURE_SETTINGS_WHITELIST = new HashSet(); SECURE_SETTINGS_WHITELIST.add(Settings.Secure.DEFAULT_INPUT_METHOD); SECURE_SETTINGS_WHITELIST.add(Settings.Secure.SKIP_FIRST_USE_HINTS); GLOBAL_SETTINGS_WHITELIST = new HashSet(); GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.ADB_ENABLED); GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.AUTO_TIME); GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.AUTO_TIME_ZONE); GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.BLUETOOTH_ON); GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.DATA_ROAMING); GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.DEVELOPMENT_SETTINGS_ENABLED); GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.MODE_RINGER); GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.NETWORK_PREFERENCE); GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.USB_MASS_STORAGE_ENABLED); GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.WIFI_ON); GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.WIFI_SLEEP_POLICY); } final Context mContext; final UserManager mUserManager; final PowerManager.WakeLock mWakeLock; Loading Loading @@ -5040,6 +5061,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); if (!GLOBAL_SETTINGS_WHITELIST.contains(setting)) { throw new SecurityException(String.format( "Permission denial: device owners cannot update %1$s", setting)); } long id = Binder.clearCallingIdentity(); try { Settings.Global.putString(contentResolver, setting, value); Loading @@ -5060,6 +5086,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); if (!SECURE_SETTINGS_WHITELIST.contains(setting)) { throw new SecurityException(String.format( "Permission denial: profile/device owners cannot update %1$s", setting)); } long id = Binder.clearCallingIdentity(); try { Settings.Secure.putStringForUser(contentResolver, setting, value, callingUserId); Loading
