diff options
Diffstat (limited to 'services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java')
-rw-r--r-- | services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index 911bb2a70173..55a1a459f202 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -98,6 +98,7 @@ import android.content.pm.PackageManager; import android.content.pm.PackageManager.NameNotFoundException; import android.content.pm.PackageManagerInternal; import android.content.pm.ParceledListSlice; +import android.content.pm.PermissionInfo; import android.content.pm.ResolveInfo; import android.content.pm.ServiceInfo; import android.content.pm.StringParceledListSlice; @@ -151,6 +152,7 @@ import android.telephony.TelephonyManager; import android.text.TextUtils; import android.util.ArrayMap; import android.util.ArraySet; +import android.util.EventLog; import android.util.Log; import android.util.Pair; import android.util.Slog; @@ -9543,6 +9545,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { < android.os.Build.VERSION_CODES.M) { return false; } + if (!isRuntimePermission(permission)) { + EventLog.writeEvent(0x534e4554, "62623498", user.getIdentifier(), ""); + return false; + } final PackageManager packageManager = mInjector.getPackageManager(); switch (grantState) { case DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED: { @@ -9569,6 +9575,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return true; } catch (SecurityException se) { return false; + } catch (NameNotFoundException e) { + return false; } finally { mInjector.binderRestoreCallingIdentity(ident); } @@ -9618,6 +9626,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } + public boolean isRuntimePermission(String permissionName) throws NameNotFoundException { + final PackageManager packageManager = mInjector.getPackageManager(); + PermissionInfo permissionInfo = packageManager.getPermissionInfo(permissionName, 0); + return (permissionInfo.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE) + == PermissionInfo.PROTECTION_DANGEROUS; + } + @Override public boolean isProvisioningAllowed(String action, String packageName) { Preconditions.checkNotNull(packageName); |