Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c5185f2b authored by Jason Monk's avatar Jason Monk
Browse files

The profile owner shouldn't control lock task 

Since managed profiles are started on bootup, the managed profile
would be allowed to set an app (possibly itself) as a lock task
app and then run itself on bootup and constantly control the
device.  This privelege should be restricted to device owners.

Change-Id: I4a93aabd6054cbe75076ef0517fce03ffa74dc93
parent 9e58b3c6

core/java/android/app/admin/DevicePolicyManager.java

+1 −1
Original line number Diff line number Diff line
@@ -2349,7 +2349,7 @@ public class DevicePolicyManager { 
     * <p>Any packages that shares uid with an allowed package will also be allowed

     * to activate lock task.

     *

     * This function can only be called by the device owner or the profile owner.

     * This function can only be called by the device owner.

     * @param packages The list of packages allowed to enter lock task mode

     *

     * @see Activity#startLockTask()

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+4 −6
Original line number Diff line number Diff line
@@ -3732,7 +3732,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
    /**

     * Sets which packages may enter lock task mode.

     *

     * This function can only be called by the device owner or the profile owner.

     * This function can only be called by the device owner.

     * @param components The list of components allowed to enter lock task mode.

     */

    public void setLockTaskPackages(String[] packages) throws SecurityException {
@@ -3741,15 +3741,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
        String[] packageNames = mContext.getPackageManager().getPackagesForUid(uid);



        synchronized (this) {

            // Check whether any of the package name is the device owner or the profile owner.

            // Check whether any of the package name is the device owner.

            for (int i=0; i<packageNames.length; i++) {

                String packageName = packageNames[i];

                int userHandle = UserHandle.getUserId(uid);

                String profileOwnerPackage = getProfileOwner(userHandle);

                if (isDeviceOwner(packageName) ||

                    (profileOwnerPackage != null && profileOwnerPackage.equals(packageName))) {

                if (isDeviceOwner(packageName)) {



                    // If a package name is the device owner or the profile owner,

                    // If a package name is the device owner,

                    // we update the component list.

                    DevicePolicyData policy = getUserData(userHandle);

                    policy.mLockTaskPackages.clear();