Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7f44da66 authored by Eric Biggers's avatar Eric Biggers
Browse files

DPMS: add permission check to getDeviceOwnerLockScreenInfo() 

The public API DPMS.getDeviceOwnerLockScreenInfo() currently doesn't
require any permission, as it doesn't check for one itself, and it uses
ILockSettings.getString() which doesn't check for a permission either.

We're fixing ILockSettings.getString() to check for
ACCESS_KEYGUARD_SECURE_STORAGE.  Therefore, to keep
DPMS.getDeviceOwnerLockScreenInfo() working for DPCs, make it explicitly
check for the device or profile owner before calling into ILockSettings
with a cleared calling identity.

Note, this is the same permission check that
DPMS.setDeviceOwnerLockScreenInfo() does.

Bug: 256170784
Test: m cts && atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testLockScreenInfo
Change-Id: Ic81d04b7c3746fa2da65f932ca28cb852fdeccb8
parent 6ec1f430

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+5 −1
Original line number Diff line number Diff line
@@ -9321,7 +9321,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 














    @Override















    public CharSequence getDeviceOwnerLockScreenInfo() {













        return mLockPatternUtils.getDeviceOwnerInfo();













        final CallerIdentity caller = getCallerIdentity();













        Preconditions.checkCallAuthorization(













                isDefaultDeviceOwner(caller) || isProfileOwnerOfOrganizationOwnedDevice(caller));













        return mInjector.binderWithCleanCallingIdentity(() ->













            mLockPatternUtils.getDeviceOwnerInfo());















    }





























    private void clearUserPoliciesLocked(int userId) {