Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e8b31f40 authored by Rafael Prado's avatar Rafael Prado
Browse files

Change cross user permission for MANAGE_DEVICE_POLICY_LOCK. 

* Changing it from `MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL` to
  `MANAGE_DEVICE_POLICY_ACROSS_USERS_SECURITY_CRITICAL`.
* `MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL` is only for privacy intrusive policies, and locking the device is clearly not such policy and should be available to profile owners as well.

Test: btest android.devicepolicy.cts.LockTest with feature flag
on/off
Bug: 378882674
Bug: 336297680
Flag: android.app.admin.flags.lock_now_coexistence

Change-Id: I52c23f0a0d0e419fd172e19aef3a862c57f25e6b
parent 8a64ce3a

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+8 −2
Original line number Diff line number Diff line
@@ -23178,6 +23178,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
                MANAGE_DEVICE_POLICY_ACROSS_USERS_SECURITY_CRITICAL);

        CROSS_USER_PERMISSIONS.put(MANAGE_DEVICE_POLICY_KEYGUARD,

                MANAGE_DEVICE_POLICY_ACROSS_USERS_SECURITY_CRITICAL);

        if (Flags.lockNowCoexistence()) {

            CROSS_USER_PERMISSIONS.put(MANAGE_DEVICE_POLICY_LOCK,

                    MANAGE_DEVICE_POLICY_ACROSS_USERS_SECURITY_CRITICAL);

        }

        CROSS_USER_PERMISSIONS.put(MANAGE_DEVICE_POLICY_LOCK_CREDENTIALS,

                MANAGE_DEVICE_POLICY_ACROSS_USERS_SECURITY_CRITICAL);










@@ -23252,8 +23256,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {













                MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL);















        CROSS_USER_PERMISSIONS.put(MANAGE_DEVICE_POLICY_LOCATION,















                MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL);













        if (!Flags.lockNowCoexistence()) {















            CROSS_USER_PERMISSIONS.put(MANAGE_DEVICE_POLICY_LOCK,















                    MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL);













        }















        CROSS_USER_PERMISSIONS.put(MANAGE_DEVICE_POLICY_LOCK_TASK,















                MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL);















        CROSS_USER_PERMISSIONS.put(MANAGE_DEVICE_POLICY_MODIFY_USERS,