Throw exception if sensor permission can't be granted (534652c5) · Commits · e / os / android_frameworks_base

core/java/android/app/admin/DevicePolicyManager.java

+7 −0

Original line number	Diff line number	Diff line
		@@ -13725,6 +13725,13 @@ public class DevicePolicyManager {
		* {@link #EXTRA_PROVISIONING_SENSORS_PERMISSION_GRANT_OPT_OUT} in the provisioning parameters.
		* In that case the device owner's control will be limited to denying these permissions.
		* <p>
		* When sensor-related permissions aren't grantable due to the above cases, calling this method
		* to grant these permissions will silently fail, if device admins are built with
		* {@code targetSdkVersion} < {@link android.os.Build.VERSION_CODES#VANILLA_ICE_CREAM}. If
		* they are built with {@code targetSdkVersion} >=
		* {@link android.os.Build.VERSION_CODES#VANILLA_ICE_CREAM}, this method will throw a
		* {@link SecurityException}.
		* <p>
		* NOTE: On devices running {@link android.os.Build.VERSION_CODES#S} and above, control over
		* the following permissions are restricted for managed profile owners:
		* <ul>

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+17 −3

Original line number	Diff line number	Diff line
		@@ -804,11 +804,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		public static final long EXPLICIT_WIPE_BEHAVIOUR = 242193913L;

		/**
		* Apps targetting U+ should now expect that attempts to grant sensor permissions without
		* Apps targeting V+ should now expect that attempts to grant sensor permissions without
		* authorisation will result in a security exception.
		*/
		@ChangeId
		@EnabledSince(targetSdkVersion = Build.VERSION_CODES.UPSIDE_DOWN_CAKE)
		@EnabledSince(targetSdkVersion = Build.VERSION_CODES.VANILLA_ICE_CREAM)
		public static final long THROW_SECURITY_EXCEPTION_FOR_SENSOR_PERMISSIONS = 277035314L;

		/**
		@@ -16766,7 +16766,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		caller.getUserId());
		if (SENSOR_PERMISSIONS.contains(permission)
		&& grantState == PERMISSION_GRANT_STATE_GRANTED
		&& (!canAdminGrantSensorsPermissions() \|\| isCallerDelegate(caller))) {
		&& !canAdminGrantSensorsPermissions()) {
		if (mInjector.isChangeEnabled(THROW_SECURITY_EXCEPTION_FOR_SENSOR_PERMISSIONS,
		caller.getPackageName(), caller.getUserId())) {
		throw new SecurityException(
		@@ -16789,6 +16789,20 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		\|\| isFinancedDeviceOwner(caller)))
		\|\| (caller.hasPackage() && isCallerDelegate(caller,
		DELEGATION_PERMISSION_GRANT)));
		if (SENSOR_PERMISSIONS.contains(permission)
		&& grantState == PERMISSION_GRANT_STATE_GRANTED
		&& !canAdminGrantSensorsPermissions()) {
		if (mInjector.isChangeEnabled(THROW_SECURITY_EXCEPTION_FOR_SENSOR_PERMISSIONS,
		caller.getPackageName(), caller.getUserId())) {
		throw new SecurityException(
		"Caller not permitted to grant sensor permissions.");
		} else {
		Slogf.e(LOG_TAG, "Caller attempted to grant sensor permissions but denied");
		// This is to match the legacy behaviour.
		callback.sendResult(Bundle.EMPTY);
		return;
		}
		}
		synchronized (getLockObject()) {
		long ident = mInjector.binderClearCallingIdentity();
		try {