summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPavel Grafov <pgrafov@google.com>2019-04-10 11:47:25 (GMT)
committerPavel Grafov <pgrafov@google.com>2019-04-10 12:43:39 (GMT)
commit9061fcc46bb1ac5ffc16d036b632dd80963b7b52 (patch)
tree0918f121aed01177f59d1ce1768656c0e50cc983
parent7b5a576965696747041c93306a41ed656404ed20 (diff)
downloadframeworks_base-9061fcc46bb1ac5ffc16d036b632dd80963b7b52.zip
frameworks_base-9061fcc46bb1ac5ffc16d036b632dd80963b7b52.tar.gz
frameworks_base-9061fcc46bb1ac5ffc16d036b632dd80963b7b52.tar.bz2
Limit IsSeparateProfileChallengeAllowed to system callers
Fixes: 128599668 Test: build, set up separate challenge Merged-In: I2fef9ab13614627c0f1bcca04759d0974fc6181a Change-Id: I2fef9ab13614627c0f1bcca04759d0974fc6181a
-rw-r--r--services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java3
1 files changed, 3 insertions, 0 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index c09799e..9cc8214 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -2999,6 +2999,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
@Override
public boolean isSeparateProfileChallengeAllowed(int userHandle) {
+ if (!isCallerWithSystemUid()) {
+ throw new SecurityException("Caller must be system");
+ }
ComponentName profileOwner = getProfileOwner(userHandle);
// Profile challenge is supported on N or newer release.
return profileOwner != null &&