Loading core/java/android/app/admin/DevicePolicyManager.java +3 −3 Original line number Diff line number Diff line Loading @@ -1869,13 +1869,13 @@ public class DevicePolicyManager { /** * Grants access to {@link #setNetworkLoggingEnabled}, {@link #isNetworkLoggingEnabled} and * {@link #retrieveNetworkLogs}. Once granted the delegated app will start receiving * DelegatedAdminReceiver.onNetworkLogsAvailable() callback, and Device owner will no longer * receive the DeviceAdminReceiver.onNetworkLogsAvailable() callback. * DelegatedAdminReceiver.onNetworkLogsAvailable() callback, and Device owner or Profile Owner * will no longer receive the DeviceAdminReceiver.onNetworkLogsAvailable() callback. * There can be at most one app that has this delegation. * If another app already had delegated network logging access, * it will lose the delegation when a new app is delegated. * * <p> Can only be granted by Device Owner. * <p> Can only be granted by Device Owner or Profile Owner of a managed profile. */ public static final String DELEGATION_NETWORK_LOGGING = "delegation-network-logging"; Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +9 −7 Original line number Diff line number Diff line Loading @@ -422,8 +422,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { DELEGATION_CERT_SELECTION, }; // Subset of delegations that can only be delegated by Device Owner. private static final List<String> DEVICE_OWNER_DELEGATIONS = Arrays.asList(new String[] { // Subset of delegations that can only be delegated by Device Owner or Profile Owner of a // managed profile. private static final List<String> DEVICE_OWNER_OR_MANAGED_PROFILE_OWNER_DELEGATIONS = Arrays.asList(new String[]{ DELEGATION_NETWORK_LOGGING, }); Loading Loading @@ -5884,10 +5886,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } // Retrieve the user ID of the calling process. final int userId = caller.getUserId(); final boolean hasDoDelegation = !Collections.disjoint(scopes, DEVICE_OWNER_DELEGATIONS); // Ensure calling process is device/profile owner. if (hasDoDelegation) { Preconditions.checkCallAuthorization(isDeviceOwner(caller)); if (!Collections.disjoint(scopes, DEVICE_OWNER_OR_MANAGED_PROFILE_OWNER_DELEGATIONS)) { Preconditions.checkCallAuthorization(isDeviceOwner(caller) || (isProfileOwner(caller) && isManagedProfile(caller.getUserId()))); } else { Preconditions.checkCallAuthorization(isDeviceOwner(caller) || isProfileOwner(caller)); } Loading Loading
core/java/android/app/admin/DevicePolicyManager.java +3 −3 Original line number Diff line number Diff line Loading @@ -1869,13 +1869,13 @@ public class DevicePolicyManager { /** * Grants access to {@link #setNetworkLoggingEnabled}, {@link #isNetworkLoggingEnabled} and * {@link #retrieveNetworkLogs}. Once granted the delegated app will start receiving * DelegatedAdminReceiver.onNetworkLogsAvailable() callback, and Device owner will no longer * receive the DeviceAdminReceiver.onNetworkLogsAvailable() callback. * DelegatedAdminReceiver.onNetworkLogsAvailable() callback, and Device owner or Profile Owner * will no longer receive the DeviceAdminReceiver.onNetworkLogsAvailable() callback. * There can be at most one app that has this delegation. * If another app already had delegated network logging access, * it will lose the delegation when a new app is delegated. * * <p> Can only be granted by Device Owner. * <p> Can only be granted by Device Owner or Profile Owner of a managed profile. */ public static final String DELEGATION_NETWORK_LOGGING = "delegation-network-logging"; Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +9 −7 Original line number Diff line number Diff line Loading @@ -422,8 +422,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { DELEGATION_CERT_SELECTION, }; // Subset of delegations that can only be delegated by Device Owner. private static final List<String> DEVICE_OWNER_DELEGATIONS = Arrays.asList(new String[] { // Subset of delegations that can only be delegated by Device Owner or Profile Owner of a // managed profile. private static final List<String> DEVICE_OWNER_OR_MANAGED_PROFILE_OWNER_DELEGATIONS = Arrays.asList(new String[]{ DELEGATION_NETWORK_LOGGING, }); Loading Loading @@ -5884,10 +5886,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } // Retrieve the user ID of the calling process. final int userId = caller.getUserId(); final boolean hasDoDelegation = !Collections.disjoint(scopes, DEVICE_OWNER_DELEGATIONS); // Ensure calling process is device/profile owner. if (hasDoDelegation) { Preconditions.checkCallAuthorization(isDeviceOwner(caller)); if (!Collections.disjoint(scopes, DEVICE_OWNER_OR_MANAGED_PROFILE_OWNER_DELEGATIONS)) { Preconditions.checkCallAuthorization(isDeviceOwner(caller) || (isProfileOwner(caller) && isManagedProfile(caller.getUserId()))); } else { Preconditions.checkCallAuthorization(isDeviceOwner(caller) || isProfileOwner(caller)); } Loading
