Loading core/java/android/app/admin/DevicePolicyManager.java +3 −1 Original line number Diff line number Diff line Loading @@ -51,6 +51,7 @@ import android.content.pm.UserInfo; import android.graphics.Bitmap; import android.net.ProxyInfo; import android.net.Uri; import android.os.Binder; import android.os.Bundle; import android.os.Parcelable; import android.os.PersistableBundle; Loading Loading @@ -5786,7 +5787,8 @@ public class DevicePolicyManager { } if (mService != null) { try { return mService.checkDeviceIdentifierAccess(packageName, userId); return mService.checkDeviceIdentifierAccess(packageName, userId, Binder.getCallingPid(), Binder.getCallingUid()); } catch (RemoteException re) { throw re.rethrowFromSystemServer(); } Loading core/java/android/app/admin/IDevicePolicyManager.aidl +1 −1 Original line number Diff line number Diff line Loading @@ -153,7 +153,7 @@ interface IDevicePolicyManager { void clearProfileOwner(in ComponentName who); boolean hasUserSetupCompleted(); boolean checkDeviceIdentifierAccess(in String packageName, int userHandle); boolean checkDeviceIdentifierAccess(in String packageName, int userHandle, int pid, int uid); void setDeviceOwnerLockScreenInfo(in ComponentName who, CharSequence deviceOwnerInfo); CharSequence getDeviceOwnerLockScreenInfo(); Loading core/java/android/os/Build.java +3 −3 Original line number Diff line number Diff line Loading @@ -130,9 +130,9 @@ public class Build { * <a href="/training/articles/security-key-attestation.html">key attestation</a> to obtain * proof of the device's original identifiers. * * <p>Requires Permission: READ_PRIVILEGED_PHONE_STATE or for the calling package to be the * device or profile owner. Profile owner access is deprecated and will be removed in a future * release. * <p>Requires Permission: READ_PRIVILEGED_PHONE_STATE, or for the calling package to be the * device or profile owner and have the READ_PHONE_STATE permission. Profile owner access is * deprecated and will be removed in a future release. * * @return The serial number if specified. */ Loading services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java +2 −1 Original line number Diff line number Diff line Loading @@ -70,7 +70,8 @@ abstract class BaseIDevicePolicyManager extends IDevicePolicyManager.Stub { } @Override public boolean checkDeviceIdentifierAccess(String packageName, int userHandle) { public boolean checkDeviceIdentifierAccess(String packageName, int userHandle, int pid, int uid) { return false; } Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +15 −1 Original line number Diff line number Diff line Loading @@ -7871,7 +7871,21 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } @Override public boolean checkDeviceIdentifierAccess(String packageName, int userHandle) { public boolean checkDeviceIdentifierAccess(String packageName, int userHandle, int pid, int uid) { // If the caller is not a system app then it should only be able to check its own device // identifier access. int callingAppId = UserHandle.getAppId(mInjector.binderGetCallingUid()); if (callingAppId >= Process.FIRST_APPLICATION_UID && callingAppId != UserHandle.getAppId(uid)) { return false; } // A device or profile owner must also have the READ_PHONE_STATE permission to access device // identifiers. If the package being checked does not have this permission then deny access. if (mContext.checkPermission(android.Manifest.permission.READ_PHONE_STATE, pid, uid) != PackageManager.PERMISSION_GRANTED) { return false; } // Allow access to the device owner. ComponentName deviceOwner = getDeviceOwnerComponent(true); if (deviceOwner != null && deviceOwner.getPackageName().equals(packageName)) { Loading Loading
core/java/android/app/admin/DevicePolicyManager.java +3 −1 Original line number Diff line number Diff line Loading @@ -51,6 +51,7 @@ import android.content.pm.UserInfo; import android.graphics.Bitmap; import android.net.ProxyInfo; import android.net.Uri; import android.os.Binder; import android.os.Bundle; import android.os.Parcelable; import android.os.PersistableBundle; Loading Loading @@ -5786,7 +5787,8 @@ public class DevicePolicyManager { } if (mService != null) { try { return mService.checkDeviceIdentifierAccess(packageName, userId); return mService.checkDeviceIdentifierAccess(packageName, userId, Binder.getCallingPid(), Binder.getCallingUid()); } catch (RemoteException re) { throw re.rethrowFromSystemServer(); } Loading
core/java/android/app/admin/IDevicePolicyManager.aidl +1 −1 Original line number Diff line number Diff line Loading @@ -153,7 +153,7 @@ interface IDevicePolicyManager { void clearProfileOwner(in ComponentName who); boolean hasUserSetupCompleted(); boolean checkDeviceIdentifierAccess(in String packageName, int userHandle); boolean checkDeviceIdentifierAccess(in String packageName, int userHandle, int pid, int uid); void setDeviceOwnerLockScreenInfo(in ComponentName who, CharSequence deviceOwnerInfo); CharSequence getDeviceOwnerLockScreenInfo(); Loading
core/java/android/os/Build.java +3 −3 Original line number Diff line number Diff line Loading @@ -130,9 +130,9 @@ public class Build { * <a href="/training/articles/security-key-attestation.html">key attestation</a> to obtain * proof of the device's original identifiers. * * <p>Requires Permission: READ_PRIVILEGED_PHONE_STATE or for the calling package to be the * device or profile owner. Profile owner access is deprecated and will be removed in a future * release. * <p>Requires Permission: READ_PRIVILEGED_PHONE_STATE, or for the calling package to be the * device or profile owner and have the READ_PHONE_STATE permission. Profile owner access is * deprecated and will be removed in a future release. * * @return The serial number if specified. */ Loading
services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java +2 −1 Original line number Diff line number Diff line Loading @@ -70,7 +70,8 @@ abstract class BaseIDevicePolicyManager extends IDevicePolicyManager.Stub { } @Override public boolean checkDeviceIdentifierAccess(String packageName, int userHandle) { public boolean checkDeviceIdentifierAccess(String packageName, int userHandle, int pid, int uid) { return false; } Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +15 −1 Original line number Diff line number Diff line Loading @@ -7871,7 +7871,21 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } @Override public boolean checkDeviceIdentifierAccess(String packageName, int userHandle) { public boolean checkDeviceIdentifierAccess(String packageName, int userHandle, int pid, int uid) { // If the caller is not a system app then it should only be able to check its own device // identifier access. int callingAppId = UserHandle.getAppId(mInjector.binderGetCallingUid()); if (callingAppId >= Process.FIRST_APPLICATION_UID && callingAppId != UserHandle.getAppId(uid)) { return false; } // A device or profile owner must also have the READ_PHONE_STATE permission to access device // identifiers. If the package being checked does not have this permission then deny access. if (mContext.checkPermission(android.Manifest.permission.READ_PHONE_STATE, pid, uid) != PackageManager.PERMISSION_GRANTED) { return false; } // Allow access to the device owner. ComponentName deviceOwner = getDeviceOwnerComponent(true); if (deviceOwner != null && deviceOwner.getPackageName().equals(packageName)) { Loading
