Fix missing MANAGE_USER error on calls to isDeviceSecure
A poorly placed clear identity was causing some crashes as
apps were required to have the MANAGE_USERS permission to
query if the current user is secured.
Change-Id: I1120b1e4405e78389fcbcb3e7d1dba8c80500da3
diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java
index 89cb5b4..4e8f19c 100644
--- a/core/java/com/android/internal/widget/LockPatternUtils.java
+++ b/core/java/com/android/internal/widget/LockPatternUtils.java
@@ -893,7 +893,7 @@
*/
public boolean isSeparateProfileChallengeEnabled(int userHandle) {
UserInfo info = getUserManager().getUserInfo(userHandle);
- if (!info.isManagedProfile()) {
+ if (info == null || !info.isManagedProfile()) {
return false;
}
return getBoolean(SEPARATE_PROFILE_CHALLENGE_KEY, false, userHandle);
@@ -904,7 +904,7 @@
*/
public boolean isSeparateProfileChallengeAllowed(int userHandle) {
UserInfo info = getUserManager().getUserInfo(userHandle);
- if (!info.isManagedProfile()) {
+ if (info == null || !info.isManagedProfile()) {
return false;
}
return getDevicePolicyManager().isSeparateProfileChallengeAllowed(userHandle);
diff --git a/services/core/java/com/android/server/trust/TrustManagerService.java b/services/core/java/com/android/server/trust/TrustManagerService.java
index 78e3f7f..42b8721 100644
--- a/services/core/java/com/android/server/trust/TrustManagerService.java
+++ b/services/core/java/com/android/server/trust/TrustManagerService.java
@@ -675,12 +675,12 @@
public boolean isDeviceSecure(int userId) throws RemoteException {
userId = ActivityManager.handleIncomingUser(getCallingPid(), getCallingUid(), userId,
false /* allowAll */, true /* requireFull */, "isDeviceSecure", null);
- if (!mLockPatternUtils.isSeparateProfileChallengeEnabled(userId)) {
- userId = resolveProfileParent(userId);
- }
long token = Binder.clearCallingIdentity();
try {
+ if (!mLockPatternUtils.isSeparateProfileChallengeEnabled(userId)) {
+ userId = resolveProfileParent(userId);
+ }
return mLockPatternUtils.isSecure(userId);
} finally {
Binder.restoreCallingIdentity(token);