commit 369d65653399f01e83a6cbb6dfa4eb7b356af648
author Amith Yamasani <yamasani@google.com> Thu Jun 04 17:58:11 2015 -0700
committer Amith Yamasani <yamasani@google.com> Thu Jun 04 17:58:11 2015 -0700
tree 3c7a318ee8128ea5f6ec5180b4abfbec0c69ad08
parent 5c56f74527d4d5c8c92c95e7e47319d2324bdb4d

Fix permission check in DPM.getPermissionGrantState

It was querying for permission of user 0 instead of the calling user.
Switched to passing in the explicity userId.
Also set the flags before granting/revoking permission from DPM.

Bug: 21430988
Change-Id: Id0d2dc65e20108cefa3eeb4363f866d49c791cc4

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index ff748f2..825ef1a 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -6395,18 +6395,18 @@
                 PackageManager packageManager = mContext.getPackageManager();
                 switch (grantState) {
                     case DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED: {
-                        packageManager.grantRuntimePermission(packageName, permission, user);
                         packageManager.updatePermissionFlags(permission, packageName,
                                 PackageManager.FLAG_PERMISSION_POLICY_FIXED,
                                 PackageManager.FLAG_PERMISSION_POLICY_FIXED, user);
+                        packageManager.grantRuntimePermission(packageName, permission, user);
                     } break;
 
                     case DevicePolicyManager.PERMISSION_GRANT_STATE_DENIED: {
-                        packageManager.revokeRuntimePermission(packageName,
-                                permission, user);
                         packageManager.updatePermissionFlags(permission, packageName,
                                 PackageManager.FLAG_PERMISSION_POLICY_FIXED,
                                 PackageManager.FLAG_PERMISSION_POLICY_FIXED, user);
+                        packageManager.revokeRuntimePermission(packageName,
+                                permission, user);
                     } break;
 
                     case DevicePolicyManager.PERMISSION_GRANT_STATE_DEFAULT: {
@@ -6428,14 +6428,13 @@
             String permission) throws RemoteException {
         PackageManager packageManager = mContext.getPackageManager();
 
-        // Do this before clearing the caller's identity
-        int granted = packageManager.checkPermission(permission, packageName);
-
         UserHandle user = Binder.getCallingUserHandle();
         synchronized (this) {
             getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
             long ident = Binder.clearCallingIdentity();
             try {
+                int granted = AppGlobals.getPackageManager().checkPermission(permission,
+                        packageName, user.getIdentifier());
                 int permFlags = packageManager.getPermissionFlags(permission, packageName, user);
                 if ((permFlags & PackageManager.FLAG_PERMISSION_POLICY_FIXED)
                         != PackageManager.FLAG_PERMISSION_POLICY_FIXED) {