Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a1485a69 authored by Eran Messeri's avatar Eran Messeri
Browse files

ESID access for Delegated Cert Installer 

Let the delegated cert installer read the Enrollment-specific ID, as
certificate management is tied to specific devices/enrollments.

Bug: 168627890
Test: atest com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testDelegatedCertInstaller
Change-Id: I6fd301d42342b8b6c94b27846dd859c507057d9e
parent 5664e559

core/java/android/app/admin/DevicePolicyManager.java

+1 −1
Original line number Diff line number Diff line
@@ -12852,7 +12852,7 @@ public class DevicePolicyManager { 
        }















        try {













            return mService.getEnrollmentSpecificId();













            return mService.getEnrollmentSpecificId(mContext.getPackageName());















        } catch (RemoteException re) {















            throw re.rethrowFromSystemServer();















        }

























core/java/android/app/admin/IDevicePolicyManager.aidl



+1
−1




























Original line number
Diff line number
Diff line








@@ -490,6 +490,6 @@ interface IDevicePolicyManager {





























    void setNextOperationSafety(int operation, boolean safe);





























    String getEnrollmentSpecificId();













    String getEnrollmentSpecificId(String callerPackage);















    void setOrganizationIdForUser(in String callerPackage, in String enterpriseId, int userId);















}
























services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java



+1
−1




























Original line number
Diff line number
Diff line








@@ -103,7 +103,7 @@ abstract class BaseIDevicePolicyManager extends IDevicePolicyManager.Stub {













        return false;















    }





























    public String getEnrollmentSpecificId() {













    public String getEnrollmentSpecificId(String callerPackage) {















        return "";















    }

















































services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java



+4
−3




























Original line number
Diff line number
Diff line








@@ -15629,14 +15629,15 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {













    }





























    @Override













    public String getEnrollmentSpecificId() {













    public String getEnrollmentSpecificId(String callerPackage) {















        if (!mHasFeature) {















            return "";















        }



























        final CallerIdentity caller = getCallerIdentity();













        final CallerIdentity caller = getCallerIdentity(callerPackage);















        Preconditions.checkCallAuthorization(













                isDeviceOwner(caller) || isProfileOwner(caller));













                isDeviceOwner(caller) || isProfileOwner(caller)













                        || isCallerDelegate(caller, DELEGATION_CERT_INSTALL));





























        synchronized (getLockObject()) {















            final ActiveAdmin requiredAdmin = getDeviceOrProfileOwnerAdminLocked(