Merge "DPC should not be allowed to grant development permission" into mnc-dev am: 328c129f4c
am: a1cbcf5513

Change-Id: I37cafa9ee6e166e27c074e6317a6a818fe9e87a5
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 5461018..083d132 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -57,6 +57,7 @@
 import android.content.pm.IPackageManager;
 import android.content.pm.PackageManager;
 import android.content.pm.PackageManager.NameNotFoundException;
+import android.content.pm.PermissionInfo;
 import android.content.pm.ResolveInfo;
 import android.content.pm.ServiceInfo;
 import android.content.pm.UserInfo;
@@ -97,6 +98,7 @@
 import android.security.KeyChain.KeyChainConnection;
 import android.service.persistentdata.PersistentDataBlockManager;
 import android.text.TextUtils;
+import android.util.EventLog;
 import android.util.Log;
 import android.util.PrintWriterPrinter;
 import android.util.Printer;
@@ -6448,6 +6450,10 @@
                 if (targetSdkVersion < android.os.Build.VERSION_CODES.M) {
                     return false;
                 }
+                if (!isRuntimePermission(permission)) {
+                    EventLog.writeEvent(0x534e4554, "62623498", user.getIdentifier(), "");
+                    return false;
+                }
                 final PackageManager packageManager = mContext.getPackageManager();
                 switch (grantState) {
                     case DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED: {
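Review bot: The SafetyNet event written in the new `!isRuntimePermission(permission)` branch puts `user.getIdentifier()` in the uid field and an empty string in the data field. As far as this hunk shows, the entry therefore records the Android user but neither the admin that made the request nor the permission it asked for. The enclosing method starts outside the hunk, so it is not visible whether the caller's uid is captured before the calling identity is cleared; if it is, logging that uid and passing the permission name as the last argument would make the event usable for triage. A one-line comment above the call, e.g. `// SafetyNet log: admin tried to change grant state of a non-runtime permission`, would also explain the bare `0x534e4554` tag.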
@@ -6473,12 +6479,21 @@
                 return true;
             } catch (SecurityException se) {
                 return false;
+            } catch (NameNotFoundException e) {
+                return false;
             } finally {
                 Binder.restoreCallingIdentity(ident);
             }
         }
     }
 
+    public boolean isRuntimePermission(String permissionName) throws NameNotFoundException {
+        final PackageManager packageManager = mContext.getPackageManager();
+        PermissionInfo permissionInfo = packageManager.getPermissionInfo(permissionName, 0);
+        return (permissionInfo.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE)
+                == PermissionInfo.PROTECTION_DANGEROUS;
+    }
+
     @Override
     public int getPermissionGrantState(ComponentName admin, String packageName,
             String permission) throws RemoteException {
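Review bot: `isRuntimePermission` is declared `public` on the service class, but its only visible caller is inside the class and it carries no `@Override`, so it does not appear to be part of the binder interface. Declaring it as `private boolean isRuntimePermission(String permissionName) throws NameNotFoundException {` keeps the helper out of the service's callable surface. The new `catch (NameNotFoundException e)` returns false without logging, and because the try block starts outside the hunk it may also swallow the same exception from other calls in that block; a warning log naming the permission would make a rejected or misspelled permission diagnosable. The helper also lacks Javadoc: it should say that it returns true only when the base protection level is `PROTECTION_DANGEROUS` and that an unknown permission name raises `NameNotFoundException`.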