
Commit 522076de authored by arangelov's avatar arangelov

Clear calling identity when accessing isProfileOwner and listAllOwners

Last year we added a security fix ag/12968597 to address
b/153995973. Now, some DPM methods require the interact
across users permission, unlike in R. This CL aims to
prevent potential security exceptions in these methods
by clearing their calling identity.

Bug: 182279073
Test: atest DevicePolicyManagerTest
Change-Id: Ie861a7880160563f9613db72e3283edac294a7a1
parent 5f28ee3e
+15 −12
@@ -1207,7 +1207,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
    List<OwnerDto> listAllOwners() {
        Preconditions.checkCallAuthorization(
                hasCallingOrSelfPermission(permission.MANAGE_DEVICE_ADMINS));
        return mInjector.binderWithCleanCallingIdentity(() -> {
            List<OwnerDto> owners = mOwners.listAllOwners();
            synchronized (getLockObject()) {
                for (int i = 0; i < owners.size(); i++) {
@@ -1215,8 +1215,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
                    owner.isAffiliated = isUserAffiliatedWithDeviceLocked(owner.userId);
                }
            }
            return owners;
        });
    }
    /**
@@ -8341,7 +8341,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
    }
    public boolean isProfileOwner(ComponentName who, int userId) {
        final ComponentName profileOwner = getProfileOwnerAsUser(userId);
        final ComponentName profileOwner = mInjector.binderWithCleanCallingIdentity(() ->
                getProfileOwnerAsUser(userId));
        return who != null && who.equals(profileOwner);
    }
@@ -8358,7 +8359,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
     */
    public boolean isProfileOwner(CallerIdentity caller) {
        synchronized (getLockObject()) {
            final ComponentName profileOwner = getProfileOwnerAsUser(caller.getUserId());
            final ComponentName profileOwner = mInjector.binderWithCleanCallingIdentity(() ->
                    getProfileOwnerAsUser(caller.getUserId()));
            // No profile owner.
            if (profileOwner == null) {
                return false;
@@ -8980,7 +8982,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
        Preconditions.checkArgumentNonnegative(userId, "Invalid userId");
        CallerIdentity caller = getCallerIdentity();
        Preconditions.checkCallAuthorization(hasCrossUsersPermission(caller, userId));
        Preconditions.checkCallAuthorization(hasCrossUsersPermission(caller, userId)
                || hasFullCrossUsersPermission(caller, userId));
        synchronized (getLockObject()) {
            return mOwners.getProfileOwnerComponent(userId);
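Review bot: In `isProfileOwner(ComponentName who, int userId)` the lookup now runs inside `binderWithCleanCallingIdentity`, so the `checkCallAuthorization(hasCrossUsersPermission(caller, userId) || hasFullCrossUsersPermission(caller, userId))` call in the last hunk is presumably evaluated against the system server's own identity and no longer constrains the original binder caller on this path; the same applies to `isProfileOwner(CallerIdentity)`. That is safe only if every caller of these predicates has already authorized access to the target user, which cannot be confirmed from the visible hunks, so the contract should be written down at the call, e.g. `// Identity is cleared only to satisfy getProfileOwnerAsUser's cross-user check; callers must authorize userId themselves.` Since both methods are internal predicates, reading `mOwners.getProfileOwnerComponent(userId)` under `getLockObject()` directly would express the same intent without clearing identity, provided the rest of `getProfileOwnerAsUser` (its body starts and ends outside the hunk) has no other effect these callers rely on. A case in DevicePolicyManagerTest that invokes an affected DPM method from a caller lacking the cross-user permission would pin both the absence of the SecurityException and the returned value.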