Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8f707442 authored by Adam Connors's avatar Adam Connors Committed by Kenny Guy
Browse files

DO NOT MERGE : Allow system process to call getApplicationBlockedAsUser 

MDMs in the managed profile needs to be able to call
DPM.isApplicationBlocked without the INTERACT_ACROSS_USERS
permission. DevicePolicyManager checks for appropriate
PROFILE_OWNER permission and then removes callerId, so this
change is needed to prevent a spurious security exception.

Bug: 14400206
Change-Id: Idd1bda6bb234f6cb7cb78a885ae2d7cc5cca4890
(cherry picked from commit c11c67b3e117b4fec3245f87b6d510461c1f8323)
parent ac383e52

services/core/java/com/android/server/pm/PackageManagerService.java

+2 −6
Original line number Diff line number Diff line
@@ -7792,13 +7792,9 @@ public class PackageManagerService extends IPackageManager.Stub { 
    @Override

    public boolean getApplicationBlockedSettingAsUser(String packageName, int userId) {

        mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MANAGE_USERS, null);

        PackageSetting pkgSetting;

        final int uid = Binder.getCallingUid();

        if (UserHandle.getUserId(uid) != userId) {

            mContext.enforceCallingPermission(

                    android.Manifest.permission.INTERACT_ACROSS_USERS_FULL,

        enforceCrossUserPermission(Binder.getCallingUid(), userId, true,

                "getApplicationBlocked for user " + userId);

        }

        PackageSetting pkgSetting;

        long callingId = Binder.clearCallingIdentity();

        try {

            // writer