frameworks/base
| Révision | 7da57cb8b321c1d5a9c45fd3c0435b67e9ab5d15 (tree) |
|---|---|
| l'heure | 2019-06-06 04:09:05 |
| Auteur | Pavel Grafov <pgrafov@goog...> |
| Commiter | syphyr |
Limit IsSeparateProfileChallengeAllowed to system callers
Fixes: 128599668
Test: build, set up separate challenge
Change-Id: I2fef9ab13614627c0f1bcca04759d0974fc6181a
(cherry picked from commit 1b6301cf2430f192c9842a05fc22984d782bade9)
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java (diff)| @@ -3156,6 +3156,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { | ||
| 3156 | 3156 | |
| 3157 | 3157 | @Override |
| 3158 | 3158 | public boolean isSeparateProfileChallengeAllowed(int userHandle) { |
| 3159 | + if (!isCallerWithSystemUid()) { | |
| 3160 | + throw new SecurityException("Caller must be system"); | |
| 3161 | + } | |
| 3159 | 3162 | ComponentName profileOwner = getProfileOwner(userHandle); |
| 3160 | 3163 | // Profile challenge is supported on N or newer release. |
| 3161 | 3164 | return profileOwner != null && |
Fork