Loading core/java/android/app/admin/DevicePolicyManager.java +2 −1 Original line number Diff line number Diff line Loading @@ -7826,7 +7826,8 @@ public class DevicePolicyManager { * See {@link #getBindDeviceAdminTargetUsers} for a definition of which * device/profile owners are allowed to bind to services of another profile/device owner. * <p> * The service must be unexported. Note that the {@link Context} used to obtain this * The service must be protected by {@link android.Manifest.permission#BIND_DEVICE_ADMIN}. * Note that the {@link Context} used to obtain this * {@link DevicePolicyManager} instance via {@link Context#getSystemService(Class)} will be used * to bind to the {@link android.app.Service}. * Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +5 −2 Original line number Diff line number Diff line Loading @@ -16,6 +16,7 @@ package com.android.server.devicepolicy; import static android.Manifest.permission.BIND_DEVICE_ADMIN; import static android.Manifest.permission.MANAGE_CA_CERTIFICATES; import static android.app.admin.DevicePolicyManager.CODE_ACCOUNTS_NOT_EMPTY; import static android.app.admin.DevicePolicyManager.CODE_ADD_MANAGED_PROFILE_DISALLOWED; Loading Loading @@ -10844,8 +10845,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { if (!expectedPackageName.equals(info.serviceInfo.packageName)) { throw new SecurityException("Only allow to bind service in " + expectedPackageName); } if (info.serviceInfo.exported) { throw new SecurityException("The service must be unexported"); // STOPSHIP(b/37624960): Remove info.serviceInfo.exported before release. if (info.serviceInfo.exported && !BIND_DEVICE_ADMIN.equals(info.serviceInfo.permission)) { throw new SecurityException( "Service must be protected by BIND_DEVICE_ADMIN permission"); } // It is the system server to bind the service, it would be extremely dangerous if it // can be exploited to bind any service. Set the component explicitly to make sure we Loading Loading
core/java/android/app/admin/DevicePolicyManager.java +2 −1 Original line number Diff line number Diff line Loading @@ -7826,7 +7826,8 @@ public class DevicePolicyManager { * See {@link #getBindDeviceAdminTargetUsers} for a definition of which * device/profile owners are allowed to bind to services of another profile/device owner. * <p> * The service must be unexported. Note that the {@link Context} used to obtain this * The service must be protected by {@link android.Manifest.permission#BIND_DEVICE_ADMIN}. * Note that the {@link Context} used to obtain this * {@link DevicePolicyManager} instance via {@link Context#getSystemService(Class)} will be used * to bind to the {@link android.app.Service}. * Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +5 −2 Original line number Diff line number Diff line Loading @@ -16,6 +16,7 @@ package com.android.server.devicepolicy; import static android.Manifest.permission.BIND_DEVICE_ADMIN; import static android.Manifest.permission.MANAGE_CA_CERTIFICATES; import static android.app.admin.DevicePolicyManager.CODE_ACCOUNTS_NOT_EMPTY; import static android.app.admin.DevicePolicyManager.CODE_ADD_MANAGED_PROFILE_DISALLOWED; Loading Loading @@ -10844,8 +10845,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { if (!expectedPackageName.equals(info.serviceInfo.packageName)) { throw new SecurityException("Only allow to bind service in " + expectedPackageName); } if (info.serviceInfo.exported) { throw new SecurityException("The service must be unexported"); // STOPSHIP(b/37624960): Remove info.serviceInfo.exported before release. if (info.serviceInfo.exported && !BIND_DEVICE_ADMIN.equals(info.serviceInfo.permission)) { throw new SecurityException( "Service must be protected by BIND_DEVICE_ADMIN permission"); } // It is the system server to bind the service, it would be extremely dangerous if it // can be exploited to bind any service. Set the component explicitly to make sure we Loading
