Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1a910ef2 authored by Adam Connors's avatar Adam Connors
Browse files

Allow system process to call getApplicationBlockedAsUser 

MDMs in the managed profile needs to be able to call
DPM.isApplicationBlocked without the INTERACT_ACROSS_USERS
permission. DevicePolicyManager checks for appropriate
PROFILE_OWNER permission and then removes callerId, so this
change is needed to prevent a spurious security exception.

Change-Id: Idd1bda6bb234f6cb7cb78a885ae2d7cc5cca4890
parent 41eca132

services/core/java/com/android/server/pm/PackageManagerService.java

+2 −6
Original line number Original line Diff line number Diff line
@@ -7829,13 +7829,9 @@ public class PackageManagerService extends IPackageManager.Stub { 
    @Override

    @Override

    public boolean getApplicationBlockedSettingAsUser(String packageName, int userId) {

    public boolean getApplicationBlockedSettingAsUser(String packageName, int userId) {

        mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MANAGE_USERS, null);

        mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MANAGE_USERS, null);

        PackageSetting pkgSetting;

        enforceCrossUserPermission(Binder.getCallingUid(), userId, true,

        final int uid = Binder.getCallingUid();

        if (UserHandle.getUserId(uid) != userId) {

            mContext.enforceCallingPermission(

                    android.Manifest.permission.INTERACT_ACROSS_USERS_FULL,

                "getApplicationBlocked for user " + userId);

                "getApplicationBlocked for user " + userId);

        }

        PackageSetting pkgSetting;

        long callingId = Binder.clearCallingIdentity();

        long callingId = Binder.clearCallingIdentity();

        try {

        try {

            // writer

            // writer