Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +5 −4 Original line number Diff line number Diff line Loading @@ -9296,11 +9296,12 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { PackageManager packageManager = mInjector.getPackageManager(); UserHandle user = mInjector.binderGetCallingUserHandle(); enforceProfileOwnerOrSystemUser(admin); synchronized (this) { if (!isCallerWithSystemUid()) { // Ensure the caller is a DO/PO or a permission grant state delegate. enforceCanManageScope(admin, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, DELEGATION_PERMISSION_GRANT); enforceCanManageScope(admin, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, DELEGATION_PERMISSION_GRANT); } synchronized (this) { long ident = mInjector.binderClearCallingIdentity(); try { int granted = mIPackageManager.checkPermission(permission, Loading services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java +7 −3 Original line number Diff line number Diff line Loading @@ -3575,20 +3575,24 @@ public class DevicePolicyManagerTest extends DpmTestBase { // System can retrieve permission grant state. mContext.binder.callingUid = DpmMockContext.SYSTEM_UID; mContext.packageName = "com.example.system"; assertEquals(DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED, dpm.getPermissionGrantState(null, app1, permission)); assertEquals(DevicePolicyManager.PERMISSION_GRANT_STATE_DEFAULT, dpm.getPermissionGrantState(null, app2, permission)); // A regular app cannot retrieve permission grant state. mMockContext.binder.callingUid = DpmMockContext.CALLER_UID; mContext.binder.callingUid = setupPackageInPackageManager(app1, 1); mContext.packageName = app1; try { dpm.getPermissionGrantState(null, app1, permission); fail("Didn't throw IllegalStateException"); } catch (IllegalStateException expected) { fail("Didn't throw SecurityException"); } catch (SecurityException expected) { } // Profile owner can retrieve permission grant state. mContext.binder.callingUid = DpmMockContext.CALLER_UID; mContext.packageName = admin1.getPackageName(); setAsProfileOwner(admin1); assertEquals(DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED, dpm.getPermissionGrantState(admin1, app1, permission)); Loading Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +5 −4 Original line number Diff line number Diff line Loading @@ -9296,11 +9296,12 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { PackageManager packageManager = mInjector.getPackageManager(); UserHandle user = mInjector.binderGetCallingUserHandle(); enforceProfileOwnerOrSystemUser(admin); synchronized (this) { if (!isCallerWithSystemUid()) { // Ensure the caller is a DO/PO or a permission grant state delegate. enforceCanManageScope(admin, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, DELEGATION_PERMISSION_GRANT); enforceCanManageScope(admin, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, DELEGATION_PERMISSION_GRANT); } synchronized (this) { long ident = mInjector.binderClearCallingIdentity(); try { int granted = mIPackageManager.checkPermission(permission, Loading
services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java +7 −3 Original line number Diff line number Diff line Loading @@ -3575,20 +3575,24 @@ public class DevicePolicyManagerTest extends DpmTestBase { // System can retrieve permission grant state. mContext.binder.callingUid = DpmMockContext.SYSTEM_UID; mContext.packageName = "com.example.system"; assertEquals(DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED, dpm.getPermissionGrantState(null, app1, permission)); assertEquals(DevicePolicyManager.PERMISSION_GRANT_STATE_DEFAULT, dpm.getPermissionGrantState(null, app2, permission)); // A regular app cannot retrieve permission grant state. mMockContext.binder.callingUid = DpmMockContext.CALLER_UID; mContext.binder.callingUid = setupPackageInPackageManager(app1, 1); mContext.packageName = app1; try { dpm.getPermissionGrantState(null, app1, permission); fail("Didn't throw IllegalStateException"); } catch (IllegalStateException expected) { fail("Didn't throw SecurityException"); } catch (SecurityException expected) { } // Profile owner can retrieve permission grant state. mContext.binder.callingUid = DpmMockContext.CALLER_UID; mContext.packageName = admin1.getPackageName(); setAsProfileOwner(admin1); assertEquals(DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED, dpm.getPermissionGrantState(admin1, app1, permission)); Loading
