Revert "A few permission fixes." (1db0f118) · Commits · e / os / android_frameworks_base

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+14 −19

Original line number	Original line	Diff line number	Diff line
	@@ -12173,7 +12173,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
	}		}

	CallerIdentity caller;		CallerIdentity caller;
	if (isPolicyEngineForFinanceFlagEnabled()) {		if (isPermissionCheckFlagEnabled()) {
	caller = getCallerIdentity(who, callerPackageName);		caller = getCallerIdentity(who, callerPackageName);
	} else {		} else {
	caller = getCallerIdentity(who);		caller = getCallerIdentity(who);
	@@ -12183,7 +12183,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
	int userId = getProfileParentUserIfRequested(		int userId = getProfileParentUserIfRequested(
	caller.getUserId(), calledOnParentInstance);		caller.getUserId(), calledOnParentInstance);
	if (calledOnParentInstance) {		if (calledOnParentInstance) {
	if (!isPolicyEngineForFinanceFlagEnabled()) {		if (!isPermissionCheckFlagEnabled()) {
	Preconditions.checkCallAuthorization(		Preconditions.checkCallAuthorization(
	isProfileOwnerOfOrganizationOwnedDevice(caller));		isProfileOwnerOfOrganizationOwnedDevice(caller));
	}		}
	@@ -12191,7 +12191,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
	"Permitted input methods must allow all input methods or only "		"Permitted input methods must allow all input methods or only "
	+ "system input methods when called on the parent instance of an "		+ "system input methods when called on the parent instance of an "
	+ "organization-owned device");		+ "organization-owned device");
	} else if (!isPolicyEngineForFinanceFlagEnabled()) {		} else if (!isPermissionCheckFlagEnabled()) {
	Preconditions.checkCallAuthorization(		Preconditions.checkCallAuthorization(
	isDefaultDeviceOwner(caller) \|\| isProfileOwner(caller));		isDefaultDeviceOwner(caller) \|\| isProfileOwner(caller));
	}		}
	@@ -12215,9 +12215,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {

	synchronized (getLockObject()) {		synchronized (getLockObject()) {
	if (isPolicyEngineForFinanceFlagEnabled()) {		if (isPolicyEngineForFinanceFlagEnabled()) {
	EnforcingAdmin admin = enforcePermissionAndGetEnforcingAdmin(		EnforcingAdmin admin = getEnforcingAdminForCaller(who, callerPackageName);
	who, MANAGE_DEVICE_POLICY_INPUT_METHODS,
	caller.getPackageName(), userId);
	mDevicePolicyEngine.setLocalPolicy(		mDevicePolicyEngine.setLocalPolicy(
	PolicyDefinition.PERMITTED_INPUT_METHODS,		PolicyDefinition.PERMITTED_INPUT_METHODS,
	admin,		admin,
	@@ -13412,13 +13410,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
	public void setUserRestrictionGlobally(String callerPackage, String key) {		public void setUserRestrictionGlobally(String callerPackage, String key) {
	final CallerIdentity caller = getCallerIdentity(callerPackage);		final CallerIdentity caller = getCallerIdentity(callerPackage);

	EnforcingAdmin admin = enforcePermissionForUserRestriction(
	/* who= */ null,
	key,
	caller.getPackageName(),
	UserHandle.USER_ALL
	);

	checkCanExecuteOrThrowUnsafe(DevicePolicyManager.OPERATION_SET_USER_RESTRICTION);		checkCanExecuteOrThrowUnsafe(DevicePolicyManager.OPERATION_SET_USER_RESTRICTION);

	if (!isPolicyEngineForFinanceFlagEnabled()) {		if (!isPolicyEngineForFinanceFlagEnabled()) {
	@@ -13435,6 +13426,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
	throw new IllegalArgumentException("Invalid restriction key: " + key);		throw new IllegalArgumentException("Invalid restriction key: " + key);
	}		}

			EnforcingAdmin admin = enforcePermissionForUserRestriction(
			/* who= */ null,
			key,
			caller.getPackageName(),
			UserHandle.USER_ALL
			);

	setGlobalUserRestrictionInternal(admin, key, /* enabled= */ true);		setGlobalUserRestrictionInternal(admin, key, /* enabled= */ true);

	logUserRestrictionCall(key, /* enabled= / true, / parent= */ false, caller);		logUserRestrictionCall(key, /* enabled= / true, / parent= */ false, caller);
	@@ -22799,7 +22797,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
	MANAGE_DEVICE_POLICY_DISPLAY,		MANAGE_DEVICE_POLICY_DISPLAY,
	MANAGE_DEVICE_POLICY_FACTORY_RESET,		MANAGE_DEVICE_POLICY_FACTORY_RESET,
	MANAGE_DEVICE_POLICY_FUN,		MANAGE_DEVICE_POLICY_FUN,
	MANAGE_DEVICE_POLICY_INPUT_METHODS,
	MANAGE_DEVICE_POLICY_INSTALL_UNKNOWN_SOURCES,		MANAGE_DEVICE_POLICY_INSTALL_UNKNOWN_SOURCES,
	MANAGE_DEVICE_POLICY_KEYGUARD,		MANAGE_DEVICE_POLICY_KEYGUARD,
	MANAGE_DEVICE_POLICY_LOCALE,		MANAGE_DEVICE_POLICY_LOCALE,
	@@ -22875,11 +22872,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
	MANAGE_DEVICE_POLICY_BLUETOOTH,		MANAGE_DEVICE_POLICY_BLUETOOTH,
	MANAGE_DEVICE_POLICY_CALLS,		MANAGE_DEVICE_POLICY_CALLS,
	MANAGE_DEVICE_POLICY_CAMERA,		MANAGE_DEVICE_POLICY_CAMERA,
	MANAGE_DEVICE_POLICY_CERTIFICATES,
	MANAGE_DEVICE_POLICY_DEBUGGING_FEATURES,		MANAGE_DEVICE_POLICY_DEBUGGING_FEATURES,
	MANAGE_DEVICE_POLICY_DISPLAY,		MANAGE_DEVICE_POLICY_DISPLAY,
	MANAGE_DEVICE_POLICY_FACTORY_RESET,		MANAGE_DEVICE_POLICY_FACTORY_RESET,
	MANAGE_DEVICE_POLICY_INPUT_METHODS,
	MANAGE_DEVICE_POLICY_INSTALL_UNKNOWN_SOURCES,		MANAGE_DEVICE_POLICY_INSTALL_UNKNOWN_SOURCES,
	MANAGE_DEVICE_POLICY_KEYGUARD,		MANAGE_DEVICE_POLICY_KEYGUARD,
	MANAGE_DEVICE_POLICY_LOCALE,		MANAGE_DEVICE_POLICY_LOCALE,
	@@ -22912,6 +22907,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
	MANAGE_DEVICE_POLICY_ACROSS_USERS,		MANAGE_DEVICE_POLICY_ACROSS_USERS,
	MANAGE_DEVICE_POLICY_AIRPLANE_MODE,		MANAGE_DEVICE_POLICY_AIRPLANE_MODE,
	MANAGE_DEVICE_POLICY_APPS_CONTROL,		MANAGE_DEVICE_POLICY_APPS_CONTROL,
			MANAGE_DEVICE_POLICY_CERTIFICATES,
	MANAGE_DEVICE_POLICY_COMMON_CRITERIA_MODE,		MANAGE_DEVICE_POLICY_COMMON_CRITERIA_MODE,
	MANAGE_DEVICE_POLICY_DEFAULT_SMS,		MANAGE_DEVICE_POLICY_DEFAULT_SMS,
	MANAGE_DEVICE_POLICY_LOCALE,		MANAGE_DEVICE_POLICY_LOCALE,
	@@ -23036,12 +23032,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
	//Map of Permission to Delegate Scope.		//Map of Permission to Delegate Scope.
	private static final HashMap<String, String> DELEGATE_SCOPES = new HashMap<>();		private static final HashMap<String, String> DELEGATE_SCOPES = new HashMap<>();
	{		{
			DELEGATE_SCOPES.put(MANAGE_DEVICE_POLICY_RUNTIME_PERMISSIONS, DELEGATION_PERMISSION_GRANT);
	DELEGATE_SCOPES.put(MANAGE_DEVICE_POLICY_APP_RESTRICTIONS, DELEGATION_APP_RESTRICTIONS);		DELEGATE_SCOPES.put(MANAGE_DEVICE_POLICY_APP_RESTRICTIONS, DELEGATION_APP_RESTRICTIONS);
	DELEGATE_SCOPES.put(MANAGE_DEVICE_POLICY_BLOCK_UNINSTALL, DELEGATION_BLOCK_UNINSTALL);		DELEGATE_SCOPES.put(MANAGE_DEVICE_POLICY_BLOCK_UNINSTALL, DELEGATION_BLOCK_UNINSTALL);
	DELEGATE_SCOPES.put(MANAGE_DEVICE_POLICY_CERTIFICATES, DELEGATION_CERT_INSTALL);
	DELEGATE_SCOPES.put(MANAGE_DEVICE_POLICY_PACKAGE_STATE, DELEGATION_PACKAGE_ACCESS);
	DELEGATE_SCOPES.put(MANAGE_DEVICE_POLICY_RUNTIME_PERMISSIONS, DELEGATION_PERMISSION_GRANT);
	DELEGATE_SCOPES.put(MANAGE_DEVICE_POLICY_SECURITY_LOGGING, DELEGATION_SECURITY_LOGGING);		DELEGATE_SCOPES.put(MANAGE_DEVICE_POLICY_SECURITY_LOGGING, DELEGATION_SECURITY_LOGGING);
			DELEGATE_SCOPES.put(MANAGE_DEVICE_POLICY_PACKAGE_STATE, DELEGATION_PACKAGE_ACCESS);
	}		}

	private static final HashMap<String, String> CROSS_USER_PERMISSIONS =		private static final HashMap<String, String> CROSS_USER_PERMISSIONS =