bindDeviceAdminService requires service to be protected by BIND_DEVICE_ADMIN

Test: cts-tradefed cts-dev --module DevicePolicyManager  --test com.android.cts.devicepolicy.DeviceOwnerPlusProfileOwnerTest

Fix: 37624960

Change-Id: I0df88d2a019a0c5f8f997db1efede35a20441fa8
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index 7855b92..51deb87 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -7826,7 +7826,8 @@
      * See {@link #getBindDeviceAdminTargetUsers} for a definition of which
      * device/profile owners are allowed to bind to services of another profile/device owner.
      * <p>
-     * The service must be unexported. Note that the {@link Context} used to obtain this
+     * The service must be protected by {@link android.Manifest.permission#BIND_DEVICE_ADMIN}.
+     * Note that the {@link Context} used to obtain this
      * {@link DevicePolicyManager} instance via {@link Context#getSystemService(Class)} will be used
      * to bind to the {@link android.app.Service}.
      *
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index e82ba9c..87cbc52 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -16,6 +16,7 @@
 
 package com.android.server.devicepolicy;
 
+import static android.Manifest.permission.BIND_DEVICE_ADMIN;
 import static android.Manifest.permission.MANAGE_CA_CERTIFICATES;
 import static android.app.admin.DevicePolicyManager.CODE_ACCOUNTS_NOT_EMPTY;
 import static android.app.admin.DevicePolicyManager.CODE_ADD_MANAGED_PROFILE_DISALLOWED;
@@ -10844,8 +10845,10 @@
         if (!expectedPackageName.equals(info.serviceInfo.packageName)) {
             throw new SecurityException("Only allow to bind service in " + expectedPackageName);
         }
-        if (info.serviceInfo.exported) {
-            throw new SecurityException("The service must be unexported");
+        // STOPSHIP(b/37624960): Remove info.serviceInfo.exported before release.
+        if (info.serviceInfo.exported && !BIND_DEVICE_ADMIN.equals(info.serviceInfo.permission)) {
+            throw new SecurityException(
+                    "Service must be protected by BIND_DEVICE_ADMIN permission");
         }
         // It is the system server to bind the service, it would be extremely dangerous if it
         // can be exploited to bind any service. Set the component explicitly to make sure we
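Review bot: The new condition still accepts an unexported service that declares no permission, because `info.serviceInfo.exported &&` short-circuits the permission comparison. The requirement stated in the updated DevicePolicyManager Javadoc and in the exception text is therefore not yet fully enforced. The STOPSHIP comment marks this as transitional, but it should say what is still being let through, e.g. `// Transitional: unexported services without BIND_DEVICE_ADMIN are still accepted until b/37624960 is resolved.`, with the end state being `if (!BIND_DEVICE_ADMIN.equals(info.serviceInfo.permission)) {`. The commit message names only one CTS class, so it is worth confirming that a negative case exists for an exported service guarded by some other permission. The enclosing method starts and ends outside the hunk.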