Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e1a640e2 authored by Stephanie Bak's avatar Stephanie Bak
Browse files

Change SystemUID check to QUERY_ADMIN_POLICY check 

For getting SSID restriction, use the QUERY_ADMIN_POLICY permission
check instead of SystemUID check for SystemUI and SUW

Bug: 217268655
Test: atest DevicePolicyManagerTest
Change-Id: Ib3a6fbd54bca96b930c7f2481eda03c10f149347
parent 6bcc18f7

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+6 −4
Original line number Diff line number Diff line
@@ -18459,9 +18459,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { 
        final CallerIdentity caller = getCallerIdentity();

        Preconditions.checkCallAuthorization(

                isDefaultDeviceOwner(caller) || isProfileOwnerOfOrganizationOwnedDevice(caller)

                        || isSystemUid(caller),

                        || canQueryAdminPolicy(caller),

                "SSID allowlist can only be retrieved by a device owner or "

                        + "a profile owner on an organization-owned device or a system app.");

                        + "a profile owner on an organization-owned device or "

                        + "an app with the QUERY_ADMIN_POLICY permission.");

        synchronized (getLockObject()) {

            final ActiveAdmin admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked(

                    UserHandle.USER_SYSTEM);
@@ -18497,9 +18498,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { 
        final CallerIdentity caller = getCallerIdentity();

        Preconditions.checkCallAuthorization(

                isDefaultDeviceOwner(caller) || isProfileOwnerOfOrganizationOwnedDevice(caller)

                        || isSystemUid(caller),

                        || canQueryAdminPolicy(caller),

                "SSID denylist can only be retrieved by a device owner or "

                        + "a profile owner on an organization-owned device or a system app.");

                        + "a profile owner on an organization-owned device or "

                        + "an app with the QUERY_ADMIN_POLICY permission.");

        synchronized (getLockObject()) {

            final ActiveAdmin admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked(

                    UserHandle.USER_SYSTEM);