Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a1cbcf55 authored by Tony Mak's avatar Tony Mak Committed by android-build-merger
Browse files

Merge "DPC should not be allowed to grant development permission" into mnc-dev 

am: 328c129f

Change-Id: If2d6418cf2a71b2ae3094349101e71903c016224
parents bf1b3083 328c129f

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+15 −0
Original line number Diff line number Diff line
@@ -57,6 +57,7 @@ import android.content.pm.ApplicationInfo; 
import android.content.pm.IPackageManager;

import android.content.pm.PackageManager;

import android.content.pm.PackageManager.NameNotFoundException;

import android.content.pm.PermissionInfo;

import android.content.pm.ResolveInfo;

import android.content.pm.ServiceInfo;

import android.content.pm.UserInfo;
@@ -97,6 +98,7 @@ import android.security.KeyChain; 
import android.security.KeyChain.KeyChainConnection;

import android.service.persistentdata.PersistentDataBlockManager;

import android.text.TextUtils;

import android.util.EventLog;

import android.util.Log;

import android.util.PrintWriterPrinter;

import android.util.Printer;
@@ -6448,6 +6450,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
                if (targetSdkVersion < android.os.Build.VERSION_CODES.M) {

                    return false;

                }

                if (!isRuntimePermission(permission)) {

                    EventLog.writeEvent(0x534e4554, "62623498", user.getIdentifier(), "");

                    return false;

                }

                final PackageManager packageManager = mContext.getPackageManager();

                switch (grantState) {

                    case DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED: {
@@ -6473,12 +6479,21 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
                return true;

            } catch (SecurityException se) {

                return false;

            } catch (NameNotFoundException e) {

                return false;

            } finally {

                Binder.restoreCallingIdentity(ident);

            }

        }

    }



    public boolean isRuntimePermission(String permissionName) throws NameNotFoundException {

        final PackageManager packageManager = mContext.getPackageManager();

        PermissionInfo permissionInfo = packageManager.getPermissionInfo(permissionName, 0);

        return (permissionInfo.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE)

                == PermissionInfo.PROTECTION_DANGEROUS;

    }



    @Override

    public int getPermissionGrantState(ComponentName admin, String packageName,

            String permission) throws RemoteException {