commit f34db0a17ee035c165a4e81e9192f73d2455bd1c
author Makoto Onuki <omakoto@google.com> Wed Feb 17 11:17:15 2016 -0800
committer Makoto Onuki <omakoto@google.com> Wed Feb 17 14:24:25 2016 -0800
tree 9d03fca7191b10dc6e8c03df0544fbd490148568
parent c18766d065152ee6c5870a9809b35577f71ed8e1

[framework] Don't allow apps on external storage to be active admin

Bug 27149287

Change-Id: I6d959d2e66dc0b19f78e6135fbdcf45ca8551958

core/java/android/app/ApplicationPackageManager.java

diff --git a/core/java/android/app/ApplicationPackageManager.java b/core/java/android/app/ApplicationPackageManager.java
index 7e50518..68118fc 100644
--- a/core/java/android/app/ApplicationPackageManager.java
+++ b/core/java/android/app/ApplicationPackageManager.java
@@ -21,6 +21,7 @@
 import android.annotation.Nullable;
 import android.annotation.StringRes;
 import android.annotation.XmlRes;
+import android.app.admin.DevicePolicyManager;
 import android.content.ComponentName;
 import android.content.ContentResolver;
 import android.content.Intent;
@@ -1759,7 +1760,7 @@
         return candidates;
     }
 
-    private static boolean isPackageCandidateVolume(
+    private boolean isPackageCandidateVolume(
             ContextImpl context, ApplicationInfo app, VolumeInfo vol) {
         final boolean forceAllowOnExternal = Settings.Global.getInt(
                 context.getContentResolver(), Settings.Global.FORCE_ALLOW_ON_EXTERNAL, 0) != 0;
@@ -1789,6 +1790,15 @@
             return app.isInternal();
         }
 
+        // Some apps can't be moved. (e.g. device admins)
+        try {
+            if (mPM.isPackageDeviceAdminOnAnyUser(app.packageName)) {
+                return false;
+            }
+        } catch (RemoteException e) {
+            throw new RuntimeException("Package manager has died", e);
+        }
+
         // Otherwise we can move to any private volume
         return (vol.getType() == VolumeInfo.TYPE_PRIVATE);
     }