Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2f2bf87a authored by kholoud mohamed's avatar kholoud mohamed
Browse files

Add QUERY_ADMIN_POLICY to some DevicePolicyManaged APIs 

Allowed holders of QUERY_ADMIN_POLICY to access the following APIs:
* getPermittedAccessibilityServices
* getPermittedInputMethodsForCurrentUser

Test: manual testing
Bug: 188410712
Bug: 205707885
Bug: 206107027
Change-Id: I76b86313cadd23b51d486f76a3e8b52196d23c5f
parent 8620e8a4

core/api/system-current.txt

+2 −2
Original line number Diff line number Diff line
@@ -971,8 +971,8 @@ package android.app.admin { 
    method @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS}) public String getDeviceOwnerNameOnAnyUser();

    method @Nullable public CharSequence getDeviceOwnerOrganizationName();

    method @Nullable @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public android.os.UserHandle getDeviceOwnerUser();

    method @Nullable @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public java.util.List<java.lang.String> getPermittedAccessibilityServices(int);

    method @Nullable @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public java.util.List<java.lang.String> getPermittedInputMethodsForCurrentUser();

    method @Nullable @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.QUERY_ADMIN_POLICY}) public java.util.List<java.lang.String> getPermittedAccessibilityServices(int);

    method @Nullable @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.QUERY_ADMIN_POLICY}) public java.util.List<java.lang.String> getPermittedInputMethodsForCurrentUser();

    method @Nullable public android.content.ComponentName getProfileOwner() throws java.lang.IllegalArgumentException;

    method @Nullable @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS}) public String getProfileOwnerNameAsUser(int) throws java.lang.IllegalArgumentException;

    method @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS}) public int getUserProvisioningState();

core/java/android/app/admin/DevicePolicyManager.java

+6 −2
Original line number Diff line number Diff line
@@ -9140,7 +9140,9 @@ public class DevicePolicyManager { 
     * @hide

     */

     @SystemApi

     @RequiresPermission(android.Manifest.permission.MANAGE_USERS)

     @RequiresPermission(anyOf = {

             android.Manifest.permission.MANAGE_USERS,

             android.Manifest.permission.QUERY_ADMIN_POLICY})

     public @Nullable List<String> getPermittedAccessibilityServices(int userId) {

        throwIfParentInstance("getPermittedAccessibilityServices");

        if (mService != null) {
@@ -9277,7 +9279,9 @@ public class DevicePolicyManager { 
     * @hide

     */

    @SystemApi

    @RequiresPermission(android.Manifest.permission.MANAGE_USERS)

    @RequiresPermission(anyOf = {

            android.Manifest.permission.MANAGE_USERS,

            android.Manifest.permission.QUERY_ADMIN_POLICY})

    public @Nullable List<String> getPermittedInputMethodsForCurrentUser() {

        throwIfParentInstance("getPermittedInputMethodsForCurrentUser");

        if (mService != null) {

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+4 −2
Original line number Diff line number Diff line
@@ -10231,7 +10231,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { 
        if (!mHasFeature) {

            return null;

        }

        Preconditions.checkCallAuthorization(canManageUsers(getCallerIdentity()));

        Preconditions.checkCallAuthorization(canManageUsers(getCallerIdentity())

                        || hasCallingOrSelfPermission(permission.QUERY_ADMIN_POLICY));















        synchronized (getLockObject()) {















            List<String> result = null;










@@ -10402,7 +10403,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {













    public @Nullable List<String> getPermittedInputMethodsAsUser(@UserIdInt int userId) {















        final CallerIdentity caller = getCallerIdentity();















        Preconditions.checkCallAuthorization(hasFullCrossUsersPermission(caller, userId));













        Preconditions.checkCallAuthorization(canManageUsers(caller));













        Preconditions.checkCallAuthorization(canManageUsers(caller)













                || hasCallingOrSelfPermission(permission.QUERY_ADMIN_POLICY));















        final long callingIdentity = Binder.clearCallingIdentity();















        try {















            return getPermittedInputMethodsUnchecked(userId);