Loading data/etc/privapp-permissions-platform.xml +2 −0 Original line number Diff line number Diff line Loading @@ -621,6 +621,8 @@ applications that come with the platform <permission name="android.permission.READ_COLOR_ZONES"/> <!-- Permission required for CTS test - CtsTextClassifierTestCases --> <permission name="android.permission.ACCESS_TEXT_CLASSIFIER_BY_TYPE"/> <!-- Permission required for CTS test - CtsSecurityTestCases --> <permission name="android.permission.MANAGE_DEVICE_POLICY_MTE"/> </privapp-permissions> <privapp-permissions package="com.android.soundpicker"> Loading packages/SettingsLib/src/com/android/settingslib/RestrictedLockUtilsInternal.java +10 −7 Original line number Diff line number Diff line Loading @@ -77,6 +77,10 @@ public class RestrictedLockUtilsInternal extends RestrictedLockUtils { private static final String ROLE_DEVICE_LOCK_CONTROLLER = "android.app.role.SYSTEM_FINANCED_DEVICE_CONTROLLER"; //TODO(b/378931989): Switch to android.app.admin.DevicePolicyIdentifiers.MEMORY_TAGGING_POLICY //when the appropriate flag is launched. private static final String MEMORY_TAGGING_POLICY = "memoryTagging"; /** * @return drawables for displaying with settings that are locked by a device admin. */ Loading Loading @@ -847,14 +851,13 @@ public class RestrictedLockUtilsInternal extends RestrictedLockUtils { if (dpm.getMtePolicy() == MTE_NOT_CONTROLLED_BY_POLICY) { return null; } EnforcedAdmin admin = RestrictedLockUtils.getProfileOrDeviceOwner( context, context.getUser()); if (admin != null) { return admin; EnforcingAdmin enforcingAdmin = context.getSystemService(DevicePolicyManager.class) .getEnforcingAdmin(context.getUserId(), MEMORY_TAGGING_POLICY); if (enforcingAdmin == null) { Log.w(LOG_TAG, "MTE is controlled by policy but could not find enforcing admin."); } int profileId = getManagedProfileId(context, context.getUserId()); return RestrictedLockUtils.getProfileOrDeviceOwner(context, UserHandle.of(profileId)); return EnforcedAdmin.createDefaultEnforcedAdminWithRestriction(MEMORY_TAGGING_POLICY); } /** Loading packages/Shell/AndroidManifest.xml +1 −0 Original line number Diff line number Diff line Loading @@ -961,6 +961,7 @@ android:featureFlag="android.security.aapm_api"/> <uses-permission android:name="android.permission.QUERY_ADVANCED_PROTECTION_MODE" android:featureFlag="android.security.aapm_api"/> <uses-permission android:name="android.permission.MANAGE_DEVICE_POLICY_MTE" /> <!-- Permission required for CTS test - IntrusionDetectionManagerTest --> <uses-permission android:name="android.permission.READ_INTRUSION_DETECTION_STATE" Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +3 −4 Original line number Diff line number Diff line Loading @@ -23903,10 +23903,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { UserHandle.USER_ALL); synchronized (getLockObject()) { final EnforcingAdmin admin = enforcePermissionAndGetEnforcingAdmin(null, MANAGE_DEVICE_POLICY_MTE, callerPackageName, caller.getUserId()); final Integer policyFromAdmin = mDevicePolicyEngine.getGlobalPolicySetByAdmin( PolicyDefinition.MEMORY_TAGGING, admin); final Integer policyFromAdmin = mDevicePolicyEngine.getResolvedPolicy( PolicyDefinition.MEMORY_TAGGING, UserHandle.USER_ALL); return (policyFromAdmin != null ? policyFromAdmin : DevicePolicyManager.MTE_NOT_CONTROLLED_BY_POLICY); } Loading
data/etc/privapp-permissions-platform.xml +2 −0 Original line number Diff line number Diff line Loading @@ -621,6 +621,8 @@ applications that come with the platform <permission name="android.permission.READ_COLOR_ZONES"/> <!-- Permission required for CTS test - CtsTextClassifierTestCases --> <permission name="android.permission.ACCESS_TEXT_CLASSIFIER_BY_TYPE"/> <!-- Permission required for CTS test - CtsSecurityTestCases --> <permission name="android.permission.MANAGE_DEVICE_POLICY_MTE"/> </privapp-permissions> <privapp-permissions package="com.android.soundpicker"> Loading
packages/SettingsLib/src/com/android/settingslib/RestrictedLockUtilsInternal.java +10 −7 Original line number Diff line number Diff line Loading @@ -77,6 +77,10 @@ public class RestrictedLockUtilsInternal extends RestrictedLockUtils { private static final String ROLE_DEVICE_LOCK_CONTROLLER = "android.app.role.SYSTEM_FINANCED_DEVICE_CONTROLLER"; //TODO(b/378931989): Switch to android.app.admin.DevicePolicyIdentifiers.MEMORY_TAGGING_POLICY //when the appropriate flag is launched. private static final String MEMORY_TAGGING_POLICY = "memoryTagging"; /** * @return drawables for displaying with settings that are locked by a device admin. */ Loading Loading @@ -847,14 +851,13 @@ public class RestrictedLockUtilsInternal extends RestrictedLockUtils { if (dpm.getMtePolicy() == MTE_NOT_CONTROLLED_BY_POLICY) { return null; } EnforcedAdmin admin = RestrictedLockUtils.getProfileOrDeviceOwner( context, context.getUser()); if (admin != null) { return admin; EnforcingAdmin enforcingAdmin = context.getSystemService(DevicePolicyManager.class) .getEnforcingAdmin(context.getUserId(), MEMORY_TAGGING_POLICY); if (enforcingAdmin == null) { Log.w(LOG_TAG, "MTE is controlled by policy but could not find enforcing admin."); } int profileId = getManagedProfileId(context, context.getUserId()); return RestrictedLockUtils.getProfileOrDeviceOwner(context, UserHandle.of(profileId)); return EnforcedAdmin.createDefaultEnforcedAdminWithRestriction(MEMORY_TAGGING_POLICY); } /** Loading
packages/Shell/AndroidManifest.xml +1 −0 Original line number Diff line number Diff line Loading @@ -961,6 +961,7 @@ android:featureFlag="android.security.aapm_api"/> <uses-permission android:name="android.permission.QUERY_ADVANCED_PROTECTION_MODE" android:featureFlag="android.security.aapm_api"/> <uses-permission android:name="android.permission.MANAGE_DEVICE_POLICY_MTE" /> <!-- Permission required for CTS test - IntrusionDetectionManagerTest --> <uses-permission android:name="android.permission.READ_INTRUSION_DETECTION_STATE" Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +3 −4 Original line number Diff line number Diff line Loading @@ -23903,10 +23903,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { UserHandle.USER_ALL); synchronized (getLockObject()) { final EnforcingAdmin admin = enforcePermissionAndGetEnforcingAdmin(null, MANAGE_DEVICE_POLICY_MTE, callerPackageName, caller.getUserId()); final Integer policyFromAdmin = mDevicePolicyEngine.getGlobalPolicySetByAdmin( PolicyDefinition.MEMORY_TAGGING, admin); final Integer policyFromAdmin = mDevicePolicyEngine.getResolvedPolicy( PolicyDefinition.MEMORY_TAGGING, UserHandle.USER_ALL); return (policyFromAdmin != null ? policyFromAdmin : DevicePolicyManager.MTE_NOT_CONTROLLED_BY_POLICY); }
