Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8d35de84 authored by Clara Bayarri's avatar Clara Bayarri
Browse files

Fix missing MANAGE_USER error on calls to isDeviceSecure 

A poorly placed clear identity was causing some crashes as
apps were required to have the MANAGE_USERS permission to
query if the current user is secured.

Change-Id: I1120b1e4405e78389fcbcb3e7d1dba8c80500da3
parent a1771110

core/java/com/android/internal/widget/LockPatternUtils.java

+2 −2
Original line number Diff line number Diff line
@@ -893,7 +893,7 @@ public class LockPatternUtils { 
     */

    public boolean isSeparateProfileChallengeEnabled(int userHandle) {

        UserInfo info = getUserManager().getUserInfo(userHandle);

        if (!info.isManagedProfile()) {

        if (info == null || !info.isManagedProfile()) {

            return false;

        }

        return getBoolean(SEPARATE_PROFILE_CHALLENGE_KEY, false, userHandle);
@@ -904,7 +904,7 @@ public class LockPatternUtils { 
     */

    public boolean isSeparateProfileChallengeAllowed(int userHandle) {

        UserInfo info = getUserManager().getUserInfo(userHandle);

        if (!info.isManagedProfile()) {

        if (info == null || !info.isManagedProfile()) {

            return false;

        }

        return getDevicePolicyManager().isSeparateProfileChallengeAllowed(userHandle);

services/core/java/com/android/server/trust/TrustManagerService.java

+3 −3
Original line number Diff line number Diff line
@@ -675,12 +675,12 @@ public class TrustManagerService extends SystemService { 
        public boolean isDeviceSecure(int userId) throws RemoteException {

            userId = ActivityManager.handleIncomingUser(getCallingPid(), getCallingUid(), userId,

                    false /* allowAll */, true /* requireFull */, "isDeviceSecure", null);

            if (!mLockPatternUtils.isSeparateProfileChallengeEnabled(userId)) {

                userId = resolveProfileParent(userId);

            }



            long token = Binder.clearCallingIdentity();

            try {

                if (!mLockPatternUtils.isSeparateProfileChallengeEnabled(userId)) {

                    userId = resolveProfileParent(userId);

                }

                return mLockPatternUtils.isSecure(userId);

            } finally {

                Binder.restoreCallingIdentity(token);