
Commit 9e36e250 authored by Elis Elliott's avatar Elis Elliott Committed by Automerger Merge Worker

Merge "Fix permission access to wipeData/Device" into udc-dev am: 16d4bd11

parents 5e9ecb1f 16d4bd11
+66 −20
@@ -80,6 +80,7 @@ import static android.Manifest.permission.MANAGE_DEVICE_POLICY_WIFI;
import static android.Manifest.permission.MANAGE_DEVICE_POLICY_WINDOWS;
import static android.Manifest.permission.MANAGE_DEVICE_POLICY_WINDOWS;
import static android.Manifest.permission.MANAGE_DEVICE_POLICY_WIPE_DATA;
import static android.Manifest.permission.MANAGE_DEVICE_POLICY_WIPE_DATA;
import static android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS;
import static android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS;
import static android.Manifest.permission.MASTER_CLEAR;
import static android.Manifest.permission.QUERY_ADMIN_POLICY;
import static android.Manifest.permission.QUERY_ADMIN_POLICY;
import static android.Manifest.permission.REQUEST_PASSWORD_COMPLEXITY;
import static android.Manifest.permission.REQUEST_PASSWORD_COMPLEXITY;
import static android.Manifest.permission.SET_TIME;
import static android.Manifest.permission.SET_TIME;
@@ -7552,9 +7553,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
        boolean calledByProfileOwnerOnOrgOwnedDevice =
        boolean calledByProfileOwnerOnOrgOwnedDevice =
                isProfileOwnerOfOrganizationOwnedDevice(caller.getUserId());
                isProfileOwnerOfOrganizationOwnedDevice(caller.getUserId());
        if (isPolicyEngineForFinanceFlagEnabled()) {
        if (isPolicyEngineForFinanceFlagEnabled()) {
            EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin(
            EnforcingAdmin enforcingAdmin = enforcePermissionsAndGetEnforcingAdmin(
                    /*admin=*/ null,
                    /*admin=*/ null,
                    /*permission= */ MANAGE_DEVICE_POLICY_WIPE_DATA,
                    /*permission=*/ new String[]{MANAGE_DEVICE_POLICY_WIPE_DATA, MASTER_CLEAR},
                    USES_POLICY_WIPE_DATA,
                    USES_POLICY_WIPE_DATA,
                    caller.getPackageName(),
                    caller.getPackageName(),
                    factoryReset ? UserHandle.USER_ALL : getAffectedUser(calledOnParentInstance));
                    factoryReset ? UserHandle.USER_ALL : getAffectedUser(calledOnParentInstance));
@@ -7576,12 +7577,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                admin = getActiveAdminWithPolicyForUidLocked(/* who= */ null,
                admin = getActiveAdminWithPolicyForUidLocked(/* who= */ null,
                        DeviceAdminInfo.USES_POLICY_WIPE_DATA, caller.getUid());
                        DeviceAdminInfo.USES_POLICY_WIPE_DATA, caller.getUid());
            }
            }
        }
            Preconditions.checkCallAuthorization(
            Preconditions.checkCallAuthorization(
                    (admin != null) || hasCallingOrSelfPermission(permission.MASTER_CLEAR),
                    (admin != null) || hasCallingOrSelfPermission(permission.MASTER_CLEAR),
                "No active admin for user %d and caller %d does not hold MASTER_CLEAR permission",
                    "No active admin for user %d and caller %d does not hold MASTER_CLEAR "
                            + "permission",
                    caller.getUserId(), caller.getUid());
                    caller.getUserId(), caller.getUid());
        }
        checkCanExecuteOrThrowUnsafe(DevicePolicyManager.OPERATION_WIPE_DATA);
        checkCanExecuteOrThrowUnsafe(DevicePolicyManager.OPERATION_WIPE_DATA);
        if (TextUtils.isEmpty(wipeReasonForUser)) {
        if (TextUtils.isEmpty(wipeReasonForUser)) {
@@ -7836,15 +7838,14 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
            } else {
            } else {
                // Explicit behaviour
                // Explicit behaviour
                if (factoryReset) {
                if (factoryReset) {
                    // TODO(b/254031494) Replace with new factory reset permission checks
                    EnforcingAdmin enforcingAdmin = enforcePermissionsAndGetEnforcingAdmin(
                    if (!isPermissionCheckFlagEnabled()) {
                            /*admin=*/ null,
                        boolean hasPermission = isDeviceOwnerUserId(userId)
                            /*permission=*/ new String[]{MANAGE_DEVICE_POLICY_WIPE_DATA,
                                || (isOrganizationOwnedDeviceWithManagedProfile()
                                    MASTER_CLEAR},
                                && calledOnParentInstance);
                            USES_POLICY_WIPE_DATA,
                        Preconditions.checkCallAuthorization(hasPermission,
                            adminPackage,
                                "Admin %s does not have permission to factory reset the device.",
                            factoryReset ? UserHandle.USER_ALL :
                                userId);
                                    getAffectedUser(calledOnParentInstance));
                    }
                    wipeDevice = true;
                    wipeDevice = true;
                } else {
                } else {
                    Preconditions.checkCallAuthorization(!isSystemUser,
                    Preconditions.checkCallAuthorization(!isSystemUser,
@@ -23224,6 +23225,28 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
        return getEnforcingAdminForCaller(admin, callerPackageName);
        return getEnforcingAdminForCaller(admin, callerPackageName);
    }
    }
    /**
     * Checks if the calling process has been granted permission to apply a device policy on a
     * specific user.  Only one permission provided in the list needs to be granted to pass this
     * check.
     * The given permissions will be checked along with their associated cross-user permissions if
     * they exist and the target user is different to the calling user.
     * Returns an {@link EnforcingAdmin} for the caller.
     *
     * @param admin the component name of the admin.
     * @param callerPackageName The package name of the calling application.
     * @param permissions The names of the permissions being checked.
     * @param deviceAdminPolicy The userId of the user which the caller needs permission to act on.
     * @throws SecurityException if the caller has not been granted the given permission,
     * the associated cross-user permission if the caller's user is different to the target user.
     */
    private EnforcingAdmin enforcePermissionsAndGetEnforcingAdmin(@Nullable ComponentName admin,
            String[] permissions, int deviceAdminPolicy, String callerPackageName,
            int targetUserId) {
        enforcePermissions(permissions, deviceAdminPolicy, callerPackageName, targetUserId);
        return getEnforcingAdminForCaller(admin, callerPackageName);
    }
    /**
    /**
     * Checks whether the calling process has been granted permission to query a device policy on
     * Checks whether the calling process has been granted permission to query a device policy on
     * a specific user.
     * a specific user.
@@ -23270,12 +23293,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
    /**
    /**
     * Checks if the calling process has been granted permission to apply a device policy on a
     * Checks if the calling process has been granted permission to apply a device policy on a
     * specific user.
     * specific user. Only one permission provided in the list needs to be granted to pass this
     * The given permission will be checked along with its associated cross-user permission if it
     * check.
     * exists and the target user is different to the calling user.
     * The given permissions will be checked along with their associated cross-user permissions if
     * they exists and the target user is different to the calling user.
     *
     *
     * @param callerPackageName The package name  of the calling application.
     * @param callerPackageName The package name  of the calling application.
     * @param permission The name of the permission being checked.
     * @param permissions The names of the permissions being checked.
     * @param targetUserId The userId of the user which the caller needs permission to act on.
     * @param targetUserId The userId of the user which the caller needs permission to act on.
     * @throws SecurityException if the caller has not been granted the given permission,
     * @throws SecurityException if the caller has not been granted the given permission,
     * the associated cross-user permission if the caller's user is different to the target user.
     * the associated cross-user permission if the caller's user is different to the target user.
@@ -23339,6 +23363,27 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
        enforcePermission(permission, callerPackageName, targetUserId);
        enforcePermission(permission, callerPackageName, targetUserId);
    }
    }
    /**
     * Checks if the calling process has been granted permission to apply a device policy on a
     * specific user.
     * The given permission will be checked along with its associated cross-user permission if it
     * exists and the target user is different to the calling user.
     *
     * @param callerPackageName The package name  of the calling application.
     * @param adminPolicy The admin policy that should grant holders permission.
     * @param permission The name of the permission being checked.
     * @param targetUserId The userId of the user which the caller needs permission to act on.
     * @throws SecurityException if the caller has not been granted the given permission,
     * the associated cross-user permission if the caller's user is different to the target user.
     */
    private void enforcePermissions(String[] permissions, int adminPolicy,
            String callerPackageName, int targetUserId) throws SecurityException {
        if (hasAdminPolicy(adminPolicy, callerPackageName)) {
            return;
        }
        enforcePermissions(permissions, callerPackageName, targetUserId);
    }
    /**
    /**
     * Checks whether the calling process has been granted permission to query a device policy on
     * Checks whether the calling process has been granted permission to query a device policy on
     * a specific user.
     * a specific user.
@@ -23466,7 +23511,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
        // Check for non-DPC active admins.
        // Check for non-DPC active admins.
        admin = getActiveAdminForCaller(who, caller);
        admin = getActiveAdminForCaller(who, caller);
        if (admin != null) {
        if (admin != null) {
            return EnforcingAdmin.createDeviceAdminEnforcingAdmin(who, userId, admin);
            return EnforcingAdmin.createDeviceAdminEnforcingAdmin(admin.info.getComponent(), userId,
                    admin);
        }
        }
        admin = getUserData(userId).createOrGetPermissionBasedAdmin(userId);
        admin = getUserData(userId).createOrGetPermissionBasedAdmin(userId);
        return  EnforcingAdmin.createEnforcingAdmin(caller.getPackageName(), userId, admin);
        return  EnforcingAdmin.createEnforcingAdmin(caller.getPackageName(), userId, admin);
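Review bot: The Javadoc on the new `enforcePermissionsAndGetEnforcingAdmin` (hunk at -23224) describes `deviceAdminPolicy` as "The userId of the user which the caller needs permission to act on" and has no entry at all for `targetUserId`, so the parameter that actually scopes the authorization check is documented as something else; change the tag to `@param deviceAdminPolicy The admin policy that should grant holders permission.` and add `@param targetUserId The userId of the user which the caller needs permission to act on.`, listed in signature order. The Javadoc on the new `enforcePermissions(String[], int, String, int)` (hunk at -23339) has the mirror-image problem: it still says "The given permission will be checked" and tags `@param permission`, although the parameter is the array `permissions` and the method passes when any one of them is held (the sibling overload's Javadoc in the -23270 hunk also carries the typo "they exists"). In the factory-reset branch (hunk at -7836) the result of `enforcePermissionsAndGetEnforcingAdmin` is assigned to `enforcingAdmin` but not read anywhere in the visible lines; if the remainder of that method, which continues outside the hunk, does not use it either, calling `enforcePermissions(...)` directly with the same arguments would make it explicit that the call is there only for its SecurityException side effect.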