diff options
| author | Julia Reynolds <juliacr@google.com> | 2014-09-04 16:43:30 -0400 |
|---|---|---|
| committer | Julia Reynolds <juliacr@google.com> | 2014-09-04 16:43:30 -0400 |
| commit | 82735bcb1400cb5ab2da763a236a55927d87ab00 (patch) | |
| tree | 989b90b50df8acd11073fe22613f062bd3c029c6 /services | |
| parent | 0cd0b186c30f8c98b874d65be265053b44a9684c (diff) | |
| download | frameworks_base-82735bcb1400cb5ab2da763a236a55927d87ab00.zip frameworks_base-82735bcb1400cb5ab2da763a236a55927d87ab00.tar.gz frameworks_base-82735bcb1400cb5ab2da763a236a55927d87ab00.tar.bz2 | |
Allow device owners to update LOCATION_MODE.
Bug: 17388933
Change-Id: If3267aa52c2611cf764a19bee019c312f6ebf5d1
Diffstat (limited to 'services')
| -rw-r--r-- | services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index cad2772..8800ba9 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -166,12 +166,17 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } private static final Set<String> SECURE_SETTINGS_WHITELIST; + private static final Set<String> SECURE_SETTINGS_DEVICEOWNER_WHITELIST; private static final Set<String> GLOBAL_SETTINGS_WHITELIST; static { SECURE_SETTINGS_WHITELIST = new HashSet(); SECURE_SETTINGS_WHITELIST.add(Settings.Secure.DEFAULT_INPUT_METHOD); SECURE_SETTINGS_WHITELIST.add(Settings.Secure.SKIP_FIRST_USE_HINTS); + SECURE_SETTINGS_DEVICEOWNER_WHITELIST = new HashSet(); + SECURE_SETTINGS_DEVICEOWNER_WHITELIST.addAll(SECURE_SETTINGS_WHITELIST); + SECURE_SETTINGS_DEVICEOWNER_WHITELIST.add(Settings.Secure.LOCATION_MODE); + GLOBAL_SETTINGS_WHITELIST = new HashSet(); GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.ADB_ENABLED); GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.AUTO_TIME); @@ -5098,11 +5103,17 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { if (who == null) { throw new NullPointerException("ComponentName is null"); } - getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); + ActiveAdmin activeAdmin = + getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); - if (!SECURE_SETTINGS_WHITELIST.contains(setting)) { + if (isDeviceOwner(activeAdmin.info.getPackageName())) { + if (!SECURE_SETTINGS_DEVICEOWNER_WHITELIST.contains(setting)) { + throw new SecurityException(String.format( + "Permission denial: Device owners cannot update %1$s", setting)); + } + } else if (!SECURE_SETTINGS_WHITELIST.contains(setting)) { throw new SecurityException(String.format( - "Permission denial: profile/device owners cannot update %1$s", setting)); + "Permission denial: Profile owners cannot update %1$s", setting)); } long id = Binder.clearCallingIdentity(); |