Fix missing MANAGE_USER error on calls to isDeviceSecure

A poorly placed Binder.clearCallingIdentity() call was causing
some crashes, because apps were in effect required to hold the
MANAGE_USERS permission to query whether the current user is secured.

Change-Id: I1120b1e4405e78389fcbcb3e7d1dba8c80500da3
diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java
index 89cb5b4..4e8f19c 100644
--- a/core/java/com/android/internal/widget/LockPatternUtils.java
+++ b/core/java/com/android/internal/widget/LockPatternUtils.java
@@ -893,7 +893,7 @@
      */
     public boolean isSeparateProfileChallengeEnabled(int userHandle) {
         UserInfo info = getUserManager().getUserInfo(userHandle);
-        if (!info.isManagedProfile()) {
+        if (info == null || !info.isManagedProfile()) {
             return false;
         }
         return getBoolean(SEPARATE_PROFILE_CHALLENGE_KEY, false, userHandle);
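Review bot: The new `info == null` branch makes a user that getUserInfo() cannot find indistinguishable from one that is simply not a managed profile, and the Javadoc ending just above the signature (it starts outside the hunk) should say so. Suggest adding `@return false if the user is unknown or is not a managed profile` there. In isDeviceSecure (the TrustManagerService hunk) a false result sends the id through resolveProfileParent and on to isSecure, so an unknown userId appears to be evaluated rather than rejected; it is worth confirming that this is intended. The same point applies to isSeparateProfileChallengeAllowed in the next hunk.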
@@ -904,7 +904,7 @@
      */
     public boolean isSeparateProfileChallengeAllowed(int userHandle) {
         UserInfo info = getUserManager().getUserInfo(userHandle);
-        if (!info.isManagedProfile()) {
+        if (info == null || !info.isManagedProfile()) {
             return false;
         }
         return getDevicePolicyManager().isSeparateProfileChallengeAllowed(userHandle);
diff --git a/services/core/java/com/android/server/trust/TrustManagerService.java b/services/core/java/com/android/server/trust/TrustManagerService.java
index 78e3f7f..42b8721 100644
--- a/services/core/java/com/android/server/trust/TrustManagerService.java
+++ b/services/core/java/com/android/server/trust/TrustManagerService.java
@@ -675,12 +675,12 @@
         public boolean isDeviceSecure(int userId) throws RemoteException {
             userId = ActivityManager.handleIncomingUser(getCallingPid(), getCallingUid(), userId,
                     false /* allowAll */, true /* requireFull */, "isDeviceSecure", null);
-            if (!mLockPatternUtils.isSeparateProfileChallengeEnabled(userId)) {
-                userId = resolveProfileParent(userId);
-            }
 
             long token = Binder.clearCallingIdentity();
             try {
+                if (!mLockPatternUtils.isSeparateProfileChallengeEnabled(userId)) {
+                    userId = resolveProfileParent(userId);
+                }
                 return mLockPatternUtils.isSecure(userId);
             } finally {
                 Binder.restoreCallingIdentity(token);
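Review bot: Nothing in the new code says why the isSeparateProfileChallengeEnabled check must sit between clearCallingIdentity() and restoreCallingIdentity(), so a later cleanup could move it back out and bring back the permission failure for callers without MANAGE_USERS. Add a comment above the `if`, for example `// getUserInfo() needs MANAGE_USERS; must run with the caller's identity cleared.` Everything in the try block now runs without the caller's identity, so handleIncomingUser above is the only check on the caller-supplied userId, and the comment should state that ordering too. resolveProfileParent is not visible here, so whether it clears identity itself cannot be confirmed from this hunk. The method's closing braces fall outside the hunk.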