The profile owner shouldn't control lock task

Since managed profiles are started on bootup, the managed profile would be allowed to set an app (possibly itself) as a lock task app and then run itself on bootup and constantly control the device. This privelege should be restricted to device owners. Change-Id: I4a93aabd6054cbe75076ef0517fce03ffa74dc93
author: Jason Monk <jmonk@google.com> 2014-06-24 11:12:42 -0400
committer: Jason Monk <jmonk@google.com> 2014-06-24 14:12:20 -0400
commit: c5185f2bf1bf15ea0cfd72d30167fcbb1d61d437 (patch)
tree: d09199dfc2cebe8035aefef14a321724f1e98141 /services/devicepolicy/java
parent: 9e58b3c61c119c884b62c16b3e1a99b991a1d1bf (diff)
download: frameworks_base-c5185f2bf1bf15ea0cfd72d30167fcbb1d61d437.zip
frameworks_base-c5185f2bf1bf15ea0cfd72d30167fcbb1d61d437.tar.gz
frameworks_base-c5185f2bf1bf15ea0cfd72d30167fcbb1d61d437.tar.bz2
1 files changed, 4 insertions, 6 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 2801f4f..9c38bbc 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -3732,7 +3732,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
     /**
      * Sets which packages may enter lock task mode.
      *
-     * This function can only be called by the device owner or the profile owner.
+     * This function can only be called by the device owner.
      * @param components The list of components allowed to enter lock task mode.
      */
     public void setLockTaskPackages(String[] packages) throws SecurityException {
@@ -3741,15 +3741,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
         String[] packageNames = mContext.getPackageManager().getPackagesForUid(uid);
 
         synchronized (this) {
-            // Check whether any of the package name is the device owner or the profile owner.
+            // Check whether any of the package name is the device owner.
             for (int i=0; i<packageNames.length; i++) {
                 String packageName = packageNames[i];
                 int userHandle = UserHandle.getUserId(uid);
-                String profileOwnerPackage = getProfileOwner(userHandle);
-                if (isDeviceOwner(packageName) ||
-                    (profileOwnerPackage != null && profileOwnerPackage.equals(packageName))) {
+                if (isDeviceOwner(packageName)) {
 
-                    // If a package name is the device owner or the profile owner,
+                    // If a package name is the device owner,
                     // we update the component list.
                     DevicePolicyData policy = getUserData(userHandle);
                     policy.mLockTaskPackages.clear();
author	Jason Monk <jmonk@google.com>	2014-06-24 11:12:42 -0400
committer	Jason Monk <jmonk@google.com>	2014-06-24 14:12:20 -0400
commit	c5185f2bf1bf15ea0cfd72d30167fcbb1d61d437 (patch)
tree	d09199dfc2cebe8035aefef14a321724f1e98141 /services/devicepolicy/java
parent	9e58b3c61c119c884b62c16b3e1a99b991a1d1bf (diff)
download	frameworks_base-c5185f2bf1bf15ea0cfd72d30167fcbb1d61d437.zip frameworks_base-c5185f2bf1bf15ea0cfd72d30167fcbb1d61d437.tar.gz frameworks_base-c5185f2bf1bf15ea0cfd72d30167fcbb1d61d437.tar.bz2