Revert "Require QUERY_ALL_PACKAGES getDeviceOwnerComponent" (8eccfdce) · Commits · e / os / android_frameworks_base

core/api/current.txt

+1 −1

Original line number	Diff line number	Diff line
		@@ -7289,7 +7289,7 @@ package android.app.admin {
		method public boolean isCommonCriteriaModeEnabled(@Nullable android.content.ComponentName);
		method public boolean isComplianceAcknowledgementRequired();
		method public boolean isDeviceIdAttestationSupported();
		method @RequiresPermission(value=android.Manifest.permission.QUERY_ALL_PACKAGES, conditional=true) public boolean isDeviceOwnerApp(String);
		method public boolean isDeviceOwnerApp(String);
		method public boolean isEphemeralUser(@NonNull android.content.ComponentName);
		method public boolean isKeyPairGrantedToWifiAuth(@NonNull String);
		method public boolean isLockTaskPermitted(String);

core/java/android/app/admin/DevicePolicyManager.java

+0 −6

Original line number	Diff line number	Diff line
		@@ -7818,16 +7818,10 @@ public class DevicePolicyManager {
		* admin apps that want to check whether they are also registered as the device owner app. The
		* exact mechanism by which a device admin app is registered as a device owner app is defined by
		* the setup process.
		* Starting from {@link android.os.Build.VERSION_CODES#S_V2}, if the caller application's target
		* SDK version is {@link android.os.Build.VERSION_CODES#S_V2} or newer, the caller should have
		* {@link android.Manifest.permission#QUERY_ALL_PACKAGES} permission otherwise
		* {@link SecurityException} will be thrown.
		*
		* @param packageName the package name of the app, to compare with the registered device owner
		* app, if any.
		* @return whether or not the package is registered as the device owner app.
		*/
		@RequiresPermission(value = permission.QUERY_ALL_PACKAGES, conditional = true)
		public boolean isDeviceOwnerApp(String packageName) {
		throwIfParentInstance("isDeviceOwnerApp");
		return isDeviceOwnerAppOnCallingUser(packageName);

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+0 −16

Original line number	Diff line number	Diff line
		@@ -18,7 +18,6 @@ package com.android.server.devicepolicy;

		import static android.Manifest.permission.BIND_DEVICE_ADMIN;
		import static android.Manifest.permission.MANAGE_CA_CERTIFICATES;
		import static android.Manifest.permission.QUERY_ALL_PACKAGES;
		import static android.Manifest.permission.REQUEST_PASSWORD_COMPLEXITY;
		import static android.accessibilityservice.AccessibilityServiceInfo.FEEDBACK_ALL_MASK;
		import static android.app.ActivityManager.LOCK_TASK_MODE_NONE;
		@@ -629,15 +628,6 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
		@EnabledSince(targetSdkVersion = Build.VERSION_CODES.S)
		private static final long PREVENT_SETTING_PASSWORD_QUALITY_ON_PARENT = 165573442L;

		/**
		* Apps targeting Android S_V2+ need to have
		* {@link android.Manifest.permission#QUERY_ALL_PACKAGES} permission to call
		* getDeviceOwnerComponent API.
		*/
		@ChangeId
		@EnabledSince(targetSdkVersion = Build.VERSION_CODES.S_V2)
		private static final long ENFORCE_QUERY_ALL_PACKAGES_GET_DEVICE_OWNER_COMPONENT = 185896465L;

		private static final String CREDENTIAL_MANAGEMENT_APP_INVALID_ALIAS_MSG =
		"The alias provided must be contained in the aliases specified in the credential "
		+ "management app's authentication policy";
		@@ -8609,12 +8599,6 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
		if (!mHasFeature) {
		return null;
		}

		if (CompatChanges.isChangeEnabled(ENFORCE_QUERY_ALL_PACKAGES_GET_DEVICE_OWNER_COMPONENT,
		Binder.getCallingUid())) {
		Preconditions.checkCallAuthorization(hasCallingOrSelfPermission(QUERY_ALL_PACKAGES));
		}

		if (!callingUserOnly) {
		Preconditions.checkCallAuthorization(canManageUsers(getCallerIdentity())
		\|\| hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS));