
Commit d18900b9 authored by Michael Groover's avatar Michael Groover Committed by Android (Google) Code Review

Merge "Remove unused code and cleanup parameters for DPM dev ID access"

parents 671aa4d6 9fd02c50
+5 −13
@@ -54,7 +54,6 @@ import android.net.NetworkUtils;
import android.net.PrivateDnsConnectivityChecker;
import android.net.ProxyInfo;
import android.net.Uri;
import android.os.Binder;
import android.os.Build;
import android.os.Bundle;
import android.os.ParcelFileDescriptor;
@@ -6410,27 +6409,20 @@ public class DevicePolicyManager {
     * Returns whether the specified package can read the device identifiers.
     *
     * @param packageName The package name of the app to check for device identifier access.
     * @param pid The process id of the package to be checked.
     * @param uid The uid of the package to be checked.
     * @return whether the package can read the device identifiers.
     *
     * @hide
     */
    public boolean checkDeviceIdentifierAccess(String packageName) {
        return checkDeviceIdentifierAccessAsUser(packageName, myUserId());
    }

    /**
     * @hide
     */
    @RequiresPermission(value = android.Manifest.permission.MANAGE_USERS, conditional = true)
    public boolean checkDeviceIdentifierAccessAsUser(String packageName, int userId) {
        throwIfParentInstance("checkDeviceIdentifierAccessAsUser");
    public boolean checkDeviceIdentifierAccess(String packageName, int pid, int uid) {
        throwIfParentInstance("checkDeviceIdentifierAccess");
        if (packageName == null) {
            return false;
        }
        if (mService != null) {
            try {
                return mService.checkDeviceIdentifierAccess(packageName, userId,
                        Binder.getCallingPid(), Binder.getCallingUid());
                return mService.checkDeviceIdentifierAccess(packageName, pid, uid);
            } catch (RemoteException re) {
                throw re.rethrowFromSystemServer();
            }
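Review bot: The Javadoc above the new `checkDeviceIdentifierAccess(String packageName, int pid, int uid)` documents the two added parameters but not the failure mode. The service-side section of this commit throws a `SecurityException` when a non-system caller passes a pid or uid other than its own, or when the package does not belong to `uid`. I would add `@throws SecurityException if a non-system caller passes a pid/uid other than its own, or if packageName does not belong to uid`, and state in the `@param` lines that both values are expected to come from the Binder calling identity. The method body continues past the end of this hunk.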
+1 −1
@@ -156,7 +156,7 @@ interface IDevicePolicyManager {
    void clearProfileOwner(in ComponentName who);
    boolean hasUserSetupCompleted();

    boolean checkDeviceIdentifierAccess(in String packageName, int userHandle, int pid, int uid);
    boolean checkDeviceIdentifierAccess(in String packageName, int pid, int uid);

    void setDeviceOwnerLockScreenInfo(in ComponentName who, CharSequence deviceOwnerInfo);
    CharSequence getDeviceOwnerLockScreenInfo();
+1 −2
@@ -75,8 +75,7 @@ abstract class BaseIDevicePolicyManager extends IDevicePolicyManager.Stub {
    }

    @Override
    public boolean checkDeviceIdentifierAccess(String packageName, int userHandle, int pid,
            int uid) {
    public boolean checkDeviceIdentifierAccess(String packageName, int pid, int uid) {
        return false;
    }

+33 −6
@@ -8398,13 +8398,40 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
    }
    @Override
    public boolean checkDeviceIdentifierAccess(String packageName, int userHandle, int pid,
            int uid) {
    public boolean checkDeviceIdentifierAccess(String packageName, int pid, int uid) {
        // If the caller is not a system app then it should only be able to check its own device
        // identifier access.
        int callingAppId = UserHandle.getAppId(mInjector.binderGetCallingUid());
        if (callingAppId >= Process.FIRST_APPLICATION_UID
                && callingAppId != UserHandle.getAppId(uid)) {
        int callingUid = mInjector.binderGetCallingUid();
        int callingPid = mInjector.binderGetCallingPid();
        if (UserHandle.getAppId(callingUid) >= Process.FIRST_APPLICATION_UID
                && (callingUid != uid || callingPid != pid)) {
            String message = String.format(
                    "Calling uid %d, pid %d cannot check device identifier access for package %s "
                            + "(uid=%d, pid=%d)", callingUid, callingPid, packageName, uid, pid);
            Log.w(LOG_TAG, message);
            throw new SecurityException(message);
        }
        // Verify that the specified packages matches the provided uid.
        int userId = UserHandle.getUserId(uid);
        try {
            ApplicationInfo appInfo = mIPackageManager.getApplicationInfo(packageName, 0, userId);
            // Since this call goes directly to PackageManagerService a NameNotFoundException is not
            // thrown but null data can be returned; if the appInfo for the specified package cannot
            // be found then return false to prevent crashing the app.
            if (appInfo == null) {
                Log.w(LOG_TAG,
                        String.format("appInfo could not be found for package %s", packageName));
                return false;
            } else if (uid != appInfo.uid) {
                String message = String.format("Package %s (uid=%d) does not match provided uid %d",
                        packageName, appInfo.uid, uid);
                Log.w(LOG_TAG, message);
                throw new SecurityException(message);
            }
        } catch (RemoteException e) {
            // If an exception is caught obtaining the appInfo just return false to prevent crashing
            // apps due to an internal error.
            Log.e(LOG_TAG, "Exception caught obtaining appInfo for package " + packageName, e);
            return false;
        }
        // A device or profile owner must also have the READ_PHONE_STATE permission to access device
@@ -8421,7 +8448,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
            return true;
        }
        // Allow access to the profile owner for the specified user, or delegate cert installer
        ComponentName profileOwner = getProfileOwnerAsUser(userHandle);
        ComponentName profileOwner = getProfileOwnerAsUser(userId);
        if (profileOwner != null && (profileOwner.getPackageName().equals(packageName)
                    || isCallerDelegate(packageName, uid, DELEGATION_CERT_INSTALL))) {
            return true;
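Review bot: The package-to-uid verification in `checkDeviceIdentifierAccess` answers differently for a package name the caller chooses: it returns `false` when `appInfo == null`, but throws a `SecurityException` whose message carries `appInfo.uid` when the package exists under another uid. An app that passes its own pid and uid clears the first check and can then supply any `packageName`, so the exception text returned over Binder may disclose whether that package is installed for the user and which uid it holds. How much is actually exposed depends on the caller filtering inside `getApplicationInfo`, which is not visible here. I would keep the detailed text in `Log.w` only and throw a message without the resolved uid, e.g. `throw new SecurityException("Package " + packageName + " does not match provided uid " + uid);`.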
+2 −2
@@ -345,8 +345,8 @@ public final class TelephonyPermissions {
        // Allow access to a device / profile owner app.
        DevicePolicyManager devicePolicyManager = (DevicePolicyManager) context.getSystemService(
                Context.DEVICE_POLICY_SERVICE);
        if (devicePolicyManager != null && devicePolicyManager.checkDeviceIdentifierAccessAsUser(
                callingPackage, Binder.getCallingUserHandle().getIdentifier())) {
        if (devicePolicyManager != null && devicePolicyManager.checkDeviceIdentifierAccess(
                callingPackage, pid, uid)) {
            return true;
        }
        return false;
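Review bot: The `pid` and `uid` passed to `checkDeviceIdentifierAccess` here are not defined inside the hunk, and the safety of the call depends on them being the original Binder caller's identity. This code presumably runs in a system process, in which case the service's own-identity check (which applies only to callers at or above `Process.FIRST_APPLICATION_UID`) does not constrain these values and only the package-to-uid match remains. A comment on the call such as `// pid and uid must be the Binder calling identity captured by the caller, never values supplied by the app` would make that contract explicit. The enclosing method starts outside the hunk.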