Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9ead5a3c authored by Jordan Jozwiak's avatar Jordan Jozwiak
Browse files

DO NOT MERGE - Allow locking with feature or permission 

Instead of requiring the DEVICE_ADMIN feature, we accept either
the feature or the appropriate permission.

Bug: 133240910
Test: Manual testing
Verify that API executes when on a device without DEVICE_ADMIN
when the caller has the LOCK_DEVICE permission.

Change-Id: I30bd0dc81d9d7b7ed5503a926066caffb389b9c0
(cherry picked from commit 3cc489b7)
parent 3a9ceed2

core/java/android/app/admin/DevicePolicyManager.java

+12 −0
Original line number Diff line number Diff line
@@ -4247,6 +4247,12 @@ public class DevicePolicyManager { 
     * device. After this method is called, the device must be unlocked using strong authentication

     * (PIN, pattern, or password). This API is intended for use only by device admins.

     * <p>

     * From version {@link android.os.Build.VERSION_CODES#R} onwards, the caller must either have

     * the LOCK_DEVICE permission or the device must have the device admin feature; if neither is

     * true, then the method will return without completing any action. Before version

     * {@link android.os.Build.VERSION_CODES#R}, the device needed the device admin feature,

     * regardless of the caller's permissions.

     * <p>

     * The calling device admin must have requested {@link DeviceAdminInfo#USES_POLICY_FORCE_LOCK}

     * to be able to call this method; if it has not, a security exception will be thrown.

     * <p>
@@ -4274,6 +4280,12 @@ public class DevicePolicyManager { 
     * device. After this method is called, the device must be unlocked using strong authentication

     * (PIN, pattern, or password). This API is intended for use only by device admins.

     * <p>

     * From version {@link android.os.Build.VERSION_CODES#R} onwards, the caller must either have

     * the LOCK_DEVICE permission or the device must have the device admin feature; if neither is

     * true, then the method will return without completing any action. Before version

     * {@link android.os.Build.VERSION_CODES#R}, the device needed the device admin feature,

     * regardless of the caller's permissions.

     * <p>

     * The calling device admin must have requested {@link DeviceAdminInfo#USES_POLICY_FORCE_LOCK}

     * to be able to call this method; if it has not, a security exception will be thrown.

     * <p>

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+3 −2
Original line number Diff line number Diff line
@@ -629,7 +629,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { 














    /**















     * Whether or not device admin feature is supported. If it isn't return defaults for all













     * public methods.













     * public methods, unless the caller has the appropriate permission for a particular method.















     */















    final boolean mHasFeature;
























@@ -5993,7 +5993,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {



























    @Override















    public void lockNow(int flags, boolean parent) {













        if (!mHasFeature) {













        if (!mHasFeature && mContext.checkCallingPermission(android.Manifest.permission.LOCK_DEVICE)













                != PackageManager.PERMISSION_GRANTED) {















            return;















        }