Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2ce55390 authored by Tony Mak's avatar Tony Mak
Browse files

DPC should not be allowed to grant development permission 

Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --t  com.android.cts.devicepolicy.MixedDeviceOwnerTest#testPermissionGrant_developmentPermission
Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --t  com.android.cts.devicepolicy.MixedProfileOwnerTest#testPermissionGrant_developmentPermission
Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --t  com.android.cts.devicepolicy.MixedDeviceOwnerTest#testPermissionGrant
Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --t  com.android.cts.devicepolicy.MixedProfileOwnerTest#testPermissionGrant
Test: Run "Permissions lockdown" test in CtsVerifier

Merged-In: If83d8edd0eea99145421e967ae47fdc264a5cf7c
Merged-In: I129bfe850981cf0b3646b7c1cf19c8a3ec69f512


Bug: 62623498
Change-Id: Ief96a23fa49f1ea923574840f8ff590a5ea2456e
parent 6a7c6a24

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+15 −0
Original line number Diff line number Diff line
@@ -55,6 +55,7 @@ import android.content.pm.ApplicationInfo; 
import android.content.pm.IPackageManager;

import android.content.pm.PackageManager;

import android.content.pm.PackageManager.NameNotFoundException;

import android.content.pm.PermissionInfo;

import android.content.pm.ResolveInfo;

import android.content.pm.ServiceInfo;

import android.content.pm.UserInfo;
@@ -95,6 +96,7 @@ import android.security.KeyChain; 
import android.security.KeyChain.KeyChainConnection;

import android.service.persistentdata.PersistentDataBlockManager;

import android.text.TextUtils;

import android.util.EventLog;

import android.util.Log;

import android.util.PrintWriterPrinter;

import android.util.Printer;
@@ -6444,6 +6446,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
                if (targetSdkVersion < android.os.Build.VERSION_CODES.M) {

                    return false;

                }

                if (!isRuntimePermission(permission)) {

                    EventLog.writeEvent(0x534e4554, "62623498", user.getIdentifier(), "");

                    return false;

                }

                final PackageManager packageManager = mContext.getPackageManager();

                switch (grantState) {

                    case DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED: {
@@ -6469,12 +6475,21 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
                return true;

            } catch (SecurityException se) {

                return false;

            } catch (NameNotFoundException e) {

                return false;

            } finally {

                Binder.restoreCallingIdentity(ident);

            }

        }

    }



    public boolean isRuntimePermission(String permissionName) throws NameNotFoundException {

        final PackageManager packageManager = mContext.getPackageManager();

        PermissionInfo permissionInfo = packageManager.getPermissionInfo(permissionName, 0);

        return (permissionInfo.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE)

                == PermissionInfo.PROTECTION_DANGEROUS;

    }



    @Override

    public int getPermissionGrantState(ComponentName admin, String packageName,

            String permission) throws RemoteException {