diff options
author | Ayush Sharma <ayushsha@google.com> | 2021-12-14 22:13:11 +0000 |
---|---|---|
committer | Ayush Sharma <ayushsha@google.com> | 2022-01-13 11:47:34 +0000 |
commit | b84b315bce5532641580187bb6ae76473f753c01 (patch) | |
tree | 51e189f382dc1477f18bfa4a2bdcbfb65b1fe513 | |
parent | ab0466f9c8fc7631e1d3c9794b881e740f16ddec (diff) | |
download | base-b84b315bce5532641580187bb6ae76473f753c01.tar.gz |
Enforce system privilege for getGlobalProxyAdmin
getGlobalProxyAdmin is a hidden API and called just from Settings.
So enforcing system uid check.
Bug: 206127671
Test: NA
Change-Id: Id4bce828bc69867c9c4d20b991e9e53e8ae385f2
Merged-In: Id4bce828bc69867c9c4d20b991e9e53e8ae385f2
(cherry picked from commit 554e19a375bb3c61db7643b17ea411baf6bbe3e5)
-rw-r--r-- | services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index 41e605bea0a4..e8ad56d874ce 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -7452,7 +7452,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { Preconditions.checkArgumentNonnegative(userHandle, "Invalid userId"); final CallerIdentity caller = getCallerIdentity(); - Preconditions.checkCallAuthorization(hasFullCrossUsersPermission(caller, userHandle)); + Preconditions.checkCallAuthorization( + hasFullCrossUsersPermission(caller, userHandle) && isSystemUid(caller)); synchronized (getLockObject()) { DevicePolicyData policy = getUserData(UserHandle.USER_SYSTEM); |