Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 8668395a authored by Rubin Xu's avatar Rubin Xu
Browse files

Make zero trust related APIs callable by permission holders 

1. getEnrollmentSpecificId
This is currently callable by DO, PO and DELEGATION_CERT_INSTALL
delegates. Convert this to MANAGE_DEVICE_POLICY_CERTIFICATES
permission which DO, PO and DELEGATION_CERT_INSTALL all holds
already (the DMRH also has this permission granted already)

2. getPendingSystemUpdate
A new MANAGE_DEVICE_POLICY_SYSTEM_UPDATE_INFO permission is added
to guard getPendingSystemUpdate. We also allow system update
services (identified by the existing NOTIFY_PENDING_SYSTEM_UPDATE
permission) who sets system update information to retrieve
what it previously set via getPendingSystemUpdate.

3. notifyPendingSystemUpdate
Also send ACTION_NOTIFY_PENDING_SYSTEM_UPDATE to all instances of
the Device Management Role Holder.

Bug: 254653320
Bug: 289520697
Test: EnrollmentSpecificIdTest
      android.devicepolicy.cts.PendingSystemUpdateTest
      android.permissionpolicy.cts

Change-Id: I35367d115564f624fa8b3302c8ed4e2825c67893
parent 9027446c
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment