Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5e4b2b15 authored by TreeHugger Robot's avatar TreeHugger Robot Committed by Android (Google) Code Review
Browse files

Merge "DPC should not be allowed to grant development permission" into oc-dev

parents 84aa3f4c d05d2bac

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+15 −0
Original line number Diff line number Diff line
@@ -98,6 +98,7 @@ import android.content.pm.PackageManager; 
import android.content.pm.PackageManager.NameNotFoundException;

import android.content.pm.PackageManagerInternal;

import android.content.pm.ParceledListSlice;

import android.content.pm.PermissionInfo;

import android.content.pm.ResolveInfo;

import android.content.pm.ServiceInfo;

import android.content.pm.StringParceledListSlice;
@@ -151,6 +152,7 @@ import android.telephony.TelephonyManager; 
import android.text.TextUtils;

import android.util.ArrayMap;

import android.util.ArraySet;

import android.util.EventLog;

import android.util.Log;

import android.util.Pair;

import android.util.Slog;
@@ -9543,6 +9545,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
                        < android.os.Build.VERSION_CODES.M) {

                    return false;

                }

                if (!isRuntimePermission(permission)) {

                    EventLog.writeEvent(0x534e4554, "62623498", user.getIdentifier(), "");

                    return false;

                }

                final PackageManager packageManager = mInjector.getPackageManager();

                switch (grantState) {

                    case DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED: {
@@ -9569,6 +9575,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
                return true;

            } catch (SecurityException se) {

                return false;

            } catch (NameNotFoundException e) {

                return false;

            } finally {

                mInjector.binderRestoreCallingIdentity(ident);

            }
@@ -9618,6 +9626,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
        }

    }



    public boolean isRuntimePermission(String permissionName) throws NameNotFoundException {

        final PackageManager packageManager = mInjector.getPackageManager();

        PermissionInfo permissionInfo = packageManager.getPermissionInfo(permissionName, 0);

        return (permissionInfo.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE)

                == PermissionInfo.PROTECTION_DANGEROUS;

    }



    @Override

    public boolean isProvisioningAllowed(String action, String packageName) {

        Preconditions.checkNotNull(packageName);