Clear calling identity when accessing isProfileOwner and listAllOwners

Last year we added a security fix ag/12968597 to address
b/153995973. Now, some DPM methods require the interact
across users permission, unlike in R. This CL aims to
prevent potential security exceptions in these methods
by clearing their calling identity.

Bug: 182279073
Test: atest DevicePolicyManagerTest
Change-Id: Ie861a7880160563f9613db72e3283edac294a7a1
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 90afd76..40a3a5d 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -1207,16 +1207,16 @@
     List<OwnerDto> listAllOwners() {
         Preconditions.checkCallAuthorization(
                 hasCallingOrSelfPermission(permission.MANAGE_DEVICE_ADMINS));
-
-        List<OwnerDto> owners = mOwners.listAllOwners();
-        synchronized (getLockObject()) {
-            for (int i = 0; i < owners.size(); i++) {
-                OwnerDto owner = owners.get(i);
-                owner.isAffiliated = isUserAffiliatedWithDeviceLocked(owner.userId);
+        return mInjector.binderWithCleanCallingIdentity(() -> {
+            List<OwnerDto> owners = mOwners.listAllOwners();
+            synchronized (getLockObject()) {
+                for (int i = 0; i < owners.size(); i++) {
+                    OwnerDto owner = owners.get(i);
+                    owner.isAffiliated = isUserAffiliatedWithDeviceLocked(owner.userId);
+                }
             }
-        }
-
-        return owners;
+            return owners;
+        });
     }
 
     /**
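Review bot: The lambda in listAllOwners now runs with the binder calling identity cleared, so the `MANAGE_DEVICE_ADMINS` check above it is the only gate on everything inside, and nothing in the code says so. I would add a comment directly above the `return mInjector.binderWithCleanCallingIdentity(() -> {` line, for example `// Caller is authorized above; identity is cleared only so the owner and affiliation lookups do not re-check cross-user permissions.` That guards against a later edit moving the authorization check into the lambda, where it would presumably be evaluated against the system identity rather than the caller's.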
@@ -8341,7 +8341,8 @@
     }
 
     public boolean isProfileOwner(ComponentName who, int userId) {
-        final ComponentName profileOwner = getProfileOwnerAsUser(userId);
+        final ComponentName profileOwner = mInjector.binderWithCleanCallingIdentity(() ->
+                getProfileOwnerAsUser(userId));
         return who != null && who.equals(profileOwner);
     }
 
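Review bot: Neither isProfileOwner overload shows an authorization check of its own, and with the identity cleared around `getProfileOwnerAsUser(...)`, any cross-user permission check inside that call no longer applies to the original caller. The same holds for the `isProfileOwner(CallerIdentity caller)` hunk below. If these are internal helpers whose callers have already been authorized, that precondition should be written down, e.g. a Javadoc line such as `Callers must have verified that the binder caller may query {@code userId}; this method performs no permission check.` If either overload can be reached directly from a binder entry point, it would answer profile-owner queries for any user, so that is worth confirming before merge. The body of the second overload continues outside its hunk.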
@@ -8358,7 +8359,8 @@
      */
     public boolean isProfileOwner(CallerIdentity caller) {
         synchronized (getLockObject()) {
-            final ComponentName profileOwner = getProfileOwnerAsUser(caller.getUserId());
+            final ComponentName profileOwner = mInjector.binderWithCleanCallingIdentity(() ->
+                    getProfileOwnerAsUser(caller.getUserId()));
             // No profile owner.
             if (profileOwner == null) {
                 return false;
@@ -8980,7 +8982,8 @@
         Preconditions.checkArgumentNonnegative(userId, "Invalid userId");
 
         CallerIdentity caller = getCallerIdentity();
-        Preconditions.checkCallAuthorization(hasCrossUsersPermission(caller, userId));
+        Preconditions.checkCallAuthorization(hasCrossUsersPermission(caller, userId)
+                || hasFullCrossUsersPermission(caller, userId));
 
         synchronized (getLockObject()) {
             return mOwners.getProfileOwnerComponent(userId);
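Review bot: The `checkCallAuthorization` condition is widened to also accept `hasFullCrossUsersPermission(caller, userId)`, which the commit message (about clearing calling identity) does not mention. Because this relaxes an access check, I would add a short comment above it giving the reason, e.g. `// Holders of the full cross-users permission may not pass the non-full check; accept either.` if that is the intent, and name the change in the commit description. A test case for a caller holding only the full permission, and one for a caller holding neither, would pin the intended behavior. The enclosing method starts and ends outside the hunk, and both permission helpers are defined elsewhere, so their exact semantics are not visible here.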