diff options
| author | Amith Yamasani <yamasani@google.com> | 2015-06-04 17:58:11 -0700 |
|---|---|---|
| committer | Amith Yamasani <yamasani@google.com> | 2015-06-04 17:58:11 -0700 |
| commit | 369d65653399f01e83a6cbb6dfa4eb7b356af648 (patch) | |
| tree | 3c7a318ee8128ea5f6ec5180b4abfbec0c69ad08 /services/devicepolicy | |
| parent | 5c56f74527d4d5c8c92c95e7e47319d2324bdb4d (diff) | |
| download | frameworks_base-369d65653399f01e83a6cbb6dfa4eb7b356af648.zip frameworks_base-369d65653399f01e83a6cbb6dfa4eb7b356af648.tar.gz frameworks_base-369d65653399f01e83a6cbb6dfa4eb7b356af648.tar.bz2 | |
Fix permission check in DPM.getPermissionGrantState
It was querying for permission of user 0 instead of the calling user.
Switched to passing in the explicity userId.
Also set the flags before granting/revoking permission from DPM.
Bug: 21430988
Change-Id: Id0d2dc65e20108cefa3eeb4363f866d49c791cc4
Diffstat (limited to 'services/devicepolicy')
| -rw-r--r-- | services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index ff748f2..825ef1a 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -6395,18 +6395,18 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { PackageManager packageManager = mContext.getPackageManager(); switch (grantState) { case DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED: { - packageManager.grantRuntimePermission(packageName, permission, user); packageManager.updatePermissionFlags(permission, packageName, PackageManager.FLAG_PERMISSION_POLICY_FIXED, PackageManager.FLAG_PERMISSION_POLICY_FIXED, user); + packageManager.grantRuntimePermission(packageName, permission, user); } break; case DevicePolicyManager.PERMISSION_GRANT_STATE_DENIED: { - packageManager.revokeRuntimePermission(packageName, - permission, user); packageManager.updatePermissionFlags(permission, packageName, PackageManager.FLAG_PERMISSION_POLICY_FIXED, PackageManager.FLAG_PERMISSION_POLICY_FIXED, user); + packageManager.revokeRuntimePermission(packageName, + permission, user); } break; case DevicePolicyManager.PERMISSION_GRANT_STATE_DEFAULT: { @@ -6428,14 +6428,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { String permission) throws RemoteException { PackageManager packageManager = mContext.getPackageManager(); - // Do this before clearing the caller's identity - int granted = packageManager.checkPermission(permission, packageName); - UserHandle user = Binder.getCallingUserHandle(); synchronized (this) { getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); long ident = Binder.clearCallingIdentity(); try { + int granted = AppGlobals.getPackageManager().checkPermission(permission, + packageName, user.getIdentifier()); int permFlags = packageManager.getPermissionFlags(permission, packageName, user); if ((permFlags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != PackageManager.FLAG_PERMISSION_POLICY_FIXED) { |