Add enforceNetworkStackOrProfileOrDeviceOwner() (597644f0) · Commits · e / os / android_frameworks_base

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+10 −1

Original line number	Diff line number	Diff line
		@@ -78,6 +78,7 @@ import static android.app.admin.DevicePolicyManager.WIPE_EXTERNAL_STORAGE;
		import static android.app.admin.DevicePolicyManager.WIPE_RESET_PROTECTION_DATA;
		import static android.app.admin.DevicePolicyManager.WIPE_SILENTLY;
		import static android.content.pm.PackageManager.MATCH_UNINSTALLED_PACKAGES;
		import static android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK;
		import static android.provider.Settings.Global.PRIVATE_DNS_MODE;
		import static android.provider.Settings.Global.PRIVATE_DNS_SPECIFIER;
		import static android.provider.Telephony.Carriers.DPC_URI;
		@@ -5558,6 +5559,14 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
		}
		}

		private void enforceNetworkStackOrProfileOrDeviceOwner(ComponentName who) {
		if (mContext.checkCallingPermission(PERMISSION_MAINLINE_NETWORK_STACK)
		== PackageManager.PERMISSION_GRANTED) {
		return;
		}
		enforceProfileOrDeviceOwner(who);
		}

		@Override
		public boolean approveCaCert(String alias, int userId, boolean approval) {
		enforceManageUsers();
		@@ -6485,7 +6494,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {

		@Override
		public boolean isAlwaysOnVpnLockdownEnabled(ComponentName admin) throws SecurityException {
		enforceProfileOrDeviceOwner(admin);
		enforceNetworkStackOrProfileOrDeviceOwner(admin);

		final int userId = mInjector.userHandleGetCallingUserId();
		final long token = mInjector.binderClearCallingIdentity();