Restrict setting the profile/device owner with a signature-level permission.

Create the new permission MANAGE_PROFILE_OWNERS to restrict setting
the profile/device owner.

BUG:19838376

Change-Id: Ib55a2db85fcb6f34e3b88c398683bddb0ad66868
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 62685a1..dced051 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -1309,6 +1309,14 @@
     <permission android:name="android.permission.MANAGE_USERS"
         android:protectionLevel="signature|system" />
 
+    <!-- @hide Allows an application to set the profile owners and the device owner.
+         This permission is not available to third party applications.-->
+    <permission android:name="android.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS"
+        android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
+        android:protectionLevel="signature"
+        android:label="@string/permlab_manageProfileAndDeviceOwners"
+        android:description="@string/permdesc_manageProfileAndDeviceOwners" />
+
     <!-- Allows an application to get full detailed information about
          recently running tasks, with full fidelity to the real state.
          @hide -->
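Review bot: The permission declared here is `android.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS`, but the commit message calls it `MANAGE_PROFILE_OWNERS`, so a log search for the real name will miss this commit; the message should use the declared name. The manifest entry alone restricts nothing. The restriction only holds if the code paths that set the profile or device owner check this permission, and that check is not visible in this hunk, so it should be confirmed in the rest of the change. `android:protectionLevel="signature"` without `|system`, unlike `MANAGE_USERS` just above, looks deliberate. A line in the comment would keep a later edit from widening it, for example `Signature-only on purpose: apps that are merely installed on the system image must not be granted this.`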