Fix DPM.getPermissionGrantState()
The recent addition of DPM API access delegation introduced a bug in
this method. When a system app (UID 1000) called the method, it would
crash.
Bug: 34760123
Test: DPM unit tests
Change-Id: I69390ca30270d64a4d28a74c13a7679f14a62959
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 5c15750..2af5f0d 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -9292,11 +9292,12 @@
PackageManager packageManager = mInjector.getPackageManager();
UserHandle user = mInjector.binderGetCallingUserHandle();
- enforceProfileOwnerOrSystemUser(admin);
- synchronized (this) {
+ if (!isCallerWithSystemUid()) {
// Ensure the caller is a DO/PO or a permission grant state delegate.
- enforceCanManageScope(admin, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
- DELEGATION_PERMISSION_GRANT);
+ enforceCanManageScope(admin, callerPackage,
+ DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, DELEGATION_PERMISSION_GRANT);
+ }
+ synchronized (this) {
long ident = mInjector.binderClearCallingIdentity();
try {
int granted = mIPackageManager.checkPermission(permission,
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
index c29668f..f4e4e08 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
@@ -3575,20 +3575,24 @@
// System can retrieve permission grant state.
mContext.binder.callingUid = DpmMockContext.SYSTEM_UID;
+ mContext.packageName = "com.example.system";
assertEquals(DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED,
dpm.getPermissionGrantState(null, app1, permission));
assertEquals(DevicePolicyManager.PERMISSION_GRANT_STATE_DEFAULT,
dpm.getPermissionGrantState(null, app2, permission));
// A regular app cannot retrieve permission grant state.
- mMockContext.binder.callingUid = DpmMockContext.CALLER_UID;
+ mContext.binder.callingUid = setupPackageInPackageManager(app1, 1);
+ mContext.packageName = app1;
try {
dpm.getPermissionGrantState(null, app1, permission);
- fail("Didn't throw IllegalStateException");
- } catch (IllegalStateException expected) {
+ fail("Didn't throw SecurityException");
+ } catch (SecurityException expected) {
}
// Profile owner can retrieve permission grant state.
+ mContext.binder.callingUid = DpmMockContext.CALLER_UID;
+ mContext.packageName = admin1.getPackageName();
setAsProfileOwner(admin1);
assertEquals(DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED,
dpm.getPermissionGrantState(admin1, app1, permission));