Merge "Remove the profile/device owner user restriction bypass." into lmp-dev
diff --git a/core/java/com/android/internal/app/IAppOpsService.aidl b/core/java/com/android/internal/app/IAppOpsService.aidl
index 9ff2cf4..a52dd48 100644
--- a/core/java/com/android/internal/app/IAppOpsService.aidl
+++ b/core/java/com/android/internal/app/IAppOpsService.aidl
@@ -40,8 +40,6 @@
int checkAudioOperation(int code, int usage, int uid, String packageName);
void setAudioRestriction(int code, int usage, int uid, int mode, in String[] exceptionPackages);
- void setDeviceOwner(String packageName);
- void setProfileOwner(String packageName, int userHandle);
void setUserRestrictions(in Bundle restrictions, int userHandle);
void removeUser(int userHandle);
diff --git a/services/core/java/com/android/server/AppOpsService.java b/services/core/java/com/android/server/AppOpsService.java
index 5a510a9..13e1b37 100644
--- a/services/core/java/com/android/server/AppOpsService.java
+++ b/services/core/java/com/android/server/AppOpsService.java
@@ -96,8 +96,6 @@
final SparseArray<HashMap<String, Ops>> mUidOps
= new SparseArray<HashMap<String, Ops>>();
- private int mDeviceOwnerUid;
- private final SparseIntArray mProfileOwnerUids = new SparseIntArray();
private final SparseArray<boolean[]> mOpRestrictions = new SparseArray<boolean[]>();
public final static class Ops extends SparseArray<Op> {
@@ -873,15 +871,7 @@
}
}
}
- if (userHandle == UserHandle.USER_OWNER) {
- if (uid != mDeviceOwnerUid) {
- return true;
- }
- } else {
- if (uid != mProfileOwnerUids.get(userHandle, -1)) {
- return true;
- }
- }
+ return true;
}
return false;
}
@@ -1256,35 +1246,6 @@
}
@Override
- public void setDeviceOwner(String packageName) throws RemoteException {
- checkSystemUid("setDeviceOwner");
- try {
- mDeviceOwnerUid = mContext.getPackageManager().getPackageUid(packageName,
- UserHandle.USER_OWNER);
- } catch (NameNotFoundException e) {
- Log.e(TAG, "Could not find Device Owner UID");
- mDeviceOwnerUid = -1;
- throw new IllegalArgumentException("Could not find device owner package "
- + packageName);
- }
- }
-
- @Override
- public void setProfileOwner(String packageName, int userHandle) throws RemoteException {
- checkSystemUid("setProfileOwner");
- try {
- int uid = mContext.getPackageManager().getPackageUid(packageName,
- userHandle);
- mProfileOwnerUids.put(userHandle, uid);
- } catch (NameNotFoundException e) {
- Log.e(TAG, "Could not find Profile Owner UID");
- mProfileOwnerUids.put(userHandle, -1);
- throw new IllegalArgumentException("Could not find profile owner package "
- + packageName);
- }
- }
-
- @Override
public void setUserRestrictions(Bundle restrictions, int userHandle) throws RemoteException {
checkSystemUid("setUserRestrictions");
boolean[] opRestrictions = mOpRestrictions.get(userHandle);
@@ -1306,10 +1267,6 @@
public void removeUser(int userHandle) throws RemoteException {
checkSystemUid("removeUser");
mOpRestrictions.remove(userHandle);
- final int index = mProfileOwnerUids.indexOfKey(userHandle);
- if (index >= 0) {
- mProfileOwnerUids.removeAt(index);
- }
}
private void checkSystemUid(String function) {
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index c54c4fb..25f9e9b 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -252,8 +252,6 @@
}
};
- private IAppOpsService mAppOpsService;
-
static class ActiveAdmin {
private static final String TAG_DISABLE_KEYGUARD_FEATURES = "disable-keyguard-features";
private static final String TAG_DISABLE_CAMERA = "disable-camera";
@@ -1288,24 +1286,6 @@
getUserData(UserHandle.USER_OWNER);
loadDeviceOwner();
cleanUpOldUsers();
- mAppOpsService = IAppOpsService.Stub.asInterface(
- ServiceManager.getService(Context.APP_OPS_SERVICE));
- if (mDeviceOwner != null) {
- if (mDeviceOwner.hasDeviceOwner()) {
- try {
- mAppOpsService.setDeviceOwner(mDeviceOwner.getDeviceOwnerPackageName());
- } catch (RemoteException e) {
- Log.w(LOG_TAG, "Unable to notify AppOpsService of DeviceOwner", e);
- }
- }
- for (Integer i : mDeviceOwner.getProfileOwnerKeys()) {
- try {
- mAppOpsService.setProfileOwner(mDeviceOwner.getProfileOwnerPackageName(i), i);
- } catch (RemoteException e) {
- Log.w(LOG_TAG, "Unable to notify AppOpsService of ProfileOwner", e);
- }
- }
- }
// Register an observer for watching for user setup complete.
new SetupContentObserver(mHandler).register(mContext.getContentResolver());
// Initialize the user setup state, to handle the upgrade case.
@@ -3169,14 +3149,6 @@
"Trying to set device owner but device owner is already set.");
}
- long token = Binder.clearCallingIdentity();
- try {
- mAppOpsService.setDeviceOwner(packageName);
- } catch (RemoteException e) {
- Log.w(LOG_TAG, "Unable to notify AppOpsService of DeviceOwner", e);
- } finally {
- Binder.restoreCallingIdentity(token);
- }
if (mDeviceOwner == null) {
// Device owner is not set and does not exist, set it.
mDeviceOwner = DeviceOwner.createWithDeviceOwner(packageName, ownerName);
@@ -3284,14 +3256,7 @@
throw new IllegalStateException(
"Trying to set profile owner but user is already set-up.");
}
- long token = Binder.clearCallingIdentity();
- try {
- mAppOpsService.setProfileOwner(packageName, userHandle);
- } catch (RemoteException e) {
- Log.w(LOG_TAG, "Unable to notify AppOpsService of ProfileOwner", e);
- } finally {
- Binder.restoreCallingIdentity(token);
- }
+
if (mDeviceOwner == null) {
// Device owner state does not exist, create it.
mDeviceOwner = DeviceOwner.createWithProfileOwner(packageName, ownerName,