summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAyush Sharma <ayushsha@google.com>2021-12-14 22:13:11 +0000
committerAyush Sharma <ayushsha@google.com>2022-01-13 11:47:34 +0000
commitb84b315bce5532641580187bb6ae76473f753c01 (patch)
tree51e189f382dc1477f18bfa4a2bdcbfb65b1fe513
parentab0466f9c8fc7631e1d3c9794b881e740f16ddec (diff)
downloadbase-b84b315bce5532641580187bb6ae76473f753c01.tar.gz
Enforce system privilege for getGlobalProxyAdmin
getGlobalProxyAdmin is a hidden API and called just from Settings. So enforcing system uid check. Bug: 206127671 Test: NA Change-Id: Id4bce828bc69867c9c4d20b991e9e53e8ae385f2 Merged-In: Id4bce828bc69867c9c4d20b991e9e53e8ae385f2 (cherry picked from commit 554e19a375bb3c61db7643b17ea411baf6bbe3e5)
Diffstat
-rw-r--r--services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java3
1 files changed, 2 insertions, 1 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 41e605bea0a4..e8ad56d874ce 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -7452,7 +7452,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
Preconditions.checkArgumentNonnegative(userHandle, "Invalid userId");
final CallerIdentity caller = getCallerIdentity();
- Preconditions.checkCallAuthorization(hasFullCrossUsersPermission(caller, userHandle));
+ Preconditions.checkCallAuthorization(
+ hasFullCrossUsersPermission(caller, userHandle) && isSystemUid(caller));
synchronized (getLockObject()) {
DevicePolicyData policy = getUserData(UserHandle.USER_SYSTEM);
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-29 01:26:18 +0000