diff options
| author | Julia Reynolds <juliacr@google.com> | 2014-09-11 15:46:06 +0000 |
|---|---|---|
| committer | Android (Google) Code Review <android-gerrit@google.com> | 2014-09-11 15:46:07 +0000 |
| commit | d86734b4695a92359ed38d6053ed1ce16a470634 (patch) | |
| tree | d5fee1d089da5cfdda9c6102a18f5d2244973051 /services | |
| parent | e5fe4bc96d096d800d9da48d0a3ff68ee1f94000 (diff) | |
| parent | 82735bcb1400cb5ab2da763a236a55927d87ab00 (diff) | |
| download | frameworks_base-d86734b4695a92359ed38d6053ed1ce16a470634.zip frameworks_base-d86734b4695a92359ed38d6053ed1ce16a470634.tar.gz frameworks_base-d86734b4695a92359ed38d6053ed1ce16a470634.tar.bz2 | |
Merge "Allow device owners to update LOCATION_MODE." into lmp-dev
Diffstat (limited to 'services')
| -rw-r--r-- | services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index 09584f4..5ad9825 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -166,12 +166,17 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } private static final Set<String> SECURE_SETTINGS_WHITELIST; + private static final Set<String> SECURE_SETTINGS_DEVICEOWNER_WHITELIST; private static final Set<String> GLOBAL_SETTINGS_WHITELIST; static { SECURE_SETTINGS_WHITELIST = new HashSet(); SECURE_SETTINGS_WHITELIST.add(Settings.Secure.DEFAULT_INPUT_METHOD); SECURE_SETTINGS_WHITELIST.add(Settings.Secure.SKIP_FIRST_USE_HINTS); + SECURE_SETTINGS_DEVICEOWNER_WHITELIST = new HashSet(); + SECURE_SETTINGS_DEVICEOWNER_WHITELIST.addAll(SECURE_SETTINGS_WHITELIST); + SECURE_SETTINGS_DEVICEOWNER_WHITELIST.add(Settings.Secure.LOCATION_MODE); + GLOBAL_SETTINGS_WHITELIST = new HashSet(); GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.ADB_ENABLED); GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.AUTO_TIME); @@ -5109,11 +5114,17 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { if (who == null) { throw new NullPointerException("ComponentName is null"); } - getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); + ActiveAdmin activeAdmin = + getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); - if (!SECURE_SETTINGS_WHITELIST.contains(setting)) { + if (isDeviceOwner(activeAdmin.info.getPackageName())) { + if (!SECURE_SETTINGS_DEVICEOWNER_WHITELIST.contains(setting)) { + throw new SecurityException(String.format( + "Permission denial: Device owners cannot update %1$s", setting)); + } + } else if (!SECURE_SETTINGS_WHITELIST.contains(setting)) { throw new SecurityException(String.format( - "Permission denial: profile/device owners cannot update %1$s", setting)); + "Permission denial: Profile owners cannot update %1$s", setting)); } long id = Binder.clearCallingIdentity(); |