The profile owner shouldn't control lock task
Since managed profiles are started on bootup, the managed profile
would be allowed to set an app (possibly itself) as a lock task
app and then run itself on bootup and constantly control the
device. This privelege should be restricted to device owners.
Change-Id: I4a93aabd6054cbe75076ef0517fce03ffa74dc93
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index df6be8b..4351f9d 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -2349,7 +2349,7 @@
* <p>Any packages that shares uid with an allowed package will also be allowed
* to activate lock task.
*
- * This function can only be called by the device owner or the profile owner.
+ * This function can only be called by the device owner.
* @param packages The list of packages allowed to enter lock task mode
*
* @see Activity#startLockTask()
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 2801f4f..9c38bbc 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -3732,7 +3732,7 @@
/**
* Sets which packages may enter lock task mode.
*
- * This function can only be called by the device owner or the profile owner.
+ * This function can only be called by the device owner.
* @param components The list of components allowed to enter lock task mode.
*/
public void setLockTaskPackages(String[] packages) throws SecurityException {
@@ -3741,15 +3741,13 @@
String[] packageNames = mContext.getPackageManager().getPackagesForUid(uid);
synchronized (this) {
- // Check whether any of the package name is the device owner or the profile owner.
+ // Check whether any of the package name is the device owner.
for (int i=0; i<packageNames.length; i++) {
String packageName = packageNames[i];
int userHandle = UserHandle.getUserId(uid);
- String profileOwnerPackage = getProfileOwner(userHandle);
- if (isDeviceOwner(packageName) ||
- (profileOwnerPackage != null && profileOwnerPackage.equals(packageName))) {
+ if (isDeviceOwner(packageName)) {
- // If a package name is the device owner or the profile owner,
+ // If a package name is the device owner,
// we update the component list.
DevicePolicyData policy = getUserData(userHandle);
policy.mLockTaskPackages.clear();