commit 8d35de84456cec0c0e0c340d6444dcd4f46663b8
author Clara Bayarri <clarabayarri@google.com> Tue Jan 12 17:29:29 2016 +0000
committer Clara Bayarri <clarabayarri@google.com> Wed Jan 13 13:21:03 2016 +0000
tree a56673e594f926a500466f6b1b8c0e1323ca536e
parent a1771110d67fa7361f92d92f2e91019882ce3305

Fix missing MANAGE_USER error on calls to isDeviceSecure

A poorly placed clear identity was causing some crashes as
apps were required to have the MANAGE_USERS permission to
query if the current user is secured.

Change-Id: I1120b1e4405e78389fcbcb3e7d1dba8c80500da3

services/core/java/com/android/server/trust/TrustManagerService.java

diff --git a/services/core/java/com/android/server/trust/TrustManagerService.java b/services/core/java/com/android/server/trust/TrustManagerService.java
index 78e3f7f..42b8721 100644
--- a/services/core/java/com/android/server/trust/TrustManagerService.java
+++ b/services/core/java/com/android/server/trust/TrustManagerService.java
@@ -675,12 +675,12 @@
         public boolean isDeviceSecure(int userId) throws RemoteException {
             userId = ActivityManager.handleIncomingUser(getCallingPid(), getCallingUid(), userId,
                     false /* allowAll */, true /* requireFull */, "isDeviceSecure", null);
-            if (!mLockPatternUtils.isSeparateProfileChallengeEnabled(userId)) {
-                userId = resolveProfileParent(userId);
-            }
 
             long token = Binder.clearCallingIdentity();
             try {
+                if (!mLockPatternUtils.isSeparateProfileChallengeEnabled(userId)) {
+                    userId = resolveProfileParent(userId);
+                }
                 return mLockPatternUtils.isSecure(userId);
             } finally {
                 Binder.restoreCallingIdentity(token);