Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 28b9570d authored by Esteban Talavera's avatar Esteban Talavera
Browse files

Reset permission policy to default when device owner goes away 

Otherwise after the Device Owner is gone, runtime
permissions might still be auto granted/denied.
I understand that there are many other policies that
we don't reset after the device/profile owner goes
away (e.g. keyguard enabled/disabled). At least now
we have a single method when we could clear the
ones that we care about.

Bug: 21889278
Change-Id: I6997655e6ef6d474bd25ae1c323eca5b17944b16
parent 2e561546

core/java/android/app/admin/DevicePolicyManager.java

+1 −1
Original line number Diff line number Diff line
@@ -4332,7 +4332,7 @@ public class DevicePolicyManager { 
     * @param admin Which profile or device owner this request is associated with.

     * @return the current policy for future permission requests.

     */

    public int getPermissionPolicy(@NonNull ComponentName admin) {

    public int getPermissionPolicy(ComponentName admin) {

        try {

            return mService.getPermissionPolicy(admin);

        } catch (RemoteException re) {

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+31 −35
Original line number Diff line number Diff line
@@ -4214,21 +4214,12 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
            throw new SecurityException("clearDeviceOwner can only be called by the device owner");

        }

        synchronized (this) {

            long ident = Binder.clearCallingIdentity();

            try {

                clearUserRestrictions(new UserHandle(UserHandle.USER_OWNER));

                AppGlobals.getPackageManager().updatePermissionFlagsForAllApps(

                        PackageManager.FLAG_PERMISSION_POLICY_FIXED,

                        0, UserHandle.USER_OWNER);

            clearUserPoliciesLocked(new UserHandle(UserHandle.USER_OWNER));

            if (mDeviceOwner != null) {

                mDeviceOwner.clearDeviceOwner();

                mDeviceOwner.writeOwnerFile();

                updateDeviceOwnerLocked();

            }

            } catch (RemoteException re) {

            } finally {

                Binder.restoreCallingIdentity(ident);

            }

        }

    }
@@ -4378,33 +4369,38 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
            return;

        }

        UserHandle callingUser = Binder.getCallingUserHandle();

        int userId = callingUser.getIdentifier();

        // Check if this is the profile owner who is calling

        getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);

        synchronized (this) {

            // Reset some of the profile-owner policies

            clearUserPoliciesLocked(callingUser);

            if (mDeviceOwner != null) {

                mDeviceOwner.removeProfileOwner(callingUser.getIdentifier());

                mDeviceOwner.writeOwnerFile();

            }

        }

    }



    private void clearUserPoliciesLocked(UserHandle userHandle) {

        int userId = userHandle.getIdentifier();

        // Reset some of the user-specific policies

        DevicePolicyData policy = getUserData(userId);

        policy.mPermissionPolicy = DevicePolicyManager.PERMISSION_POLICY_PROMPT;

        policy.mDelegatedCertInstallerPackage = null;

        policy.mStatusBarDisabled = false;

        saveSettingsLocked(userId);



            long ident = Binder.clearCallingIdentity();

        final long ident = Binder.clearCallingIdentity();

        try {

                clearUserRestrictions(callingUser);

            clearUserRestrictions(userHandle);

            AppGlobals.getPackageManager().updatePermissionFlagsForAllApps(

                    PackageManager.FLAG_PERMISSION_POLICY_FIXED,

                        0, callingUser.getIdentifier());

                if (mDeviceOwner != null) {

                    mDeviceOwner.removeProfileOwner(userId);

                    mDeviceOwner.writeOwnerFile();

                }

                    0  /* flagValues */, userHandle.getIdentifier());

        } catch (RemoteException re) {

        } finally {

            Binder.restoreCallingIdentity(ident);

        }

    }

    }





    private void clearUserRestrictions(UserHandle userHandle) {

        AudioManager audioManager =