author | Pavel Grafov <pgrafov@google.com> | 2019-04-10 12:47:25 +0100 |
---|---|---|
committer | Greg Wroblewski <musashi@google.com> | 2019-04-15 12:17:10 -0700 |
commit | 65b5375649c0f14574c87a95f86c36f389083fe6 (patch) | |
tree | efabb10b0ba7c7675209551add9e4568406c9b3d | |
parent | f6f3295956bf55be5b2608252790056939178ee0 (diff) | |
download | base-65b5375649c0f14574c87a95f86c36f389083fe6.tar.gz |
Limit IsSeparateProfileChallengeAllowed to system callers
Fixes: 128599668
Test: build, set up separate challenge
Change-Id: I2fef9ab13614627c0f1bcca04759d0974fc6181a
(cherry picked from commit 1b6301cf2430f192c9842a05fc22984d782bade9)
-rw-r--r-- | services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 77cb99f64eed..b0e06eb4de10 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -3428,6 +3428,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
 @Override
 public boolean isSeparateProfileChallengeAllowed(int userHandle) {
+ if (!isCallerWithSystemUid()) {
+ throw new SecurityException("Caller must be system");
+ }
 ComponentName profileOwner = getProfileOwner(userHandle);
 // Profile challenge is supported on N or newer release.
 return profileOwner != null && |
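Review bot: The new guard at the top of `isSeparateProfileChallengeAllowed` throws a generic `"Caller must be system"`, which does not tell someone reading a log which Binder call was rejected; naming the operation, e.g. `throw new SecurityException("Only the system can query separate profile challenge support");`, would make denied calls easier to triage. The check sits before `getProfileOwner(userHandle)`, so nothing about the target user is read for a rejected caller, and a short comment such as `// Reject non-system callers before reading any per-user state.` would discourage later edits from moving it below that lookup. The commit's Test line describes only the allowed path, so a test asserting that a non-system caller receives `SecurityException` would pin the fix. The method's return expression continues past the end of the hunk, so the rest of the body could not be reviewed here.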