[RESTRICT AUTOMERGE] Added missing permission check to isPackageDeviceAdminOnAnyUser.
Added a check for the MANAGE_USERS permission to
PackageManagerService#isPackageDeviceAdminOnAnyUser.
Test: Modify the settings app to log the call attempt and follow the
steps below
In order to work around the limitations of N builds we needed to modify
the settings app to log the call attempt. This is described in detail at
b/128599183#comment15
Bug: 128599183
Change-Id: Ie96c8e174983f61574f12d5d4b210d06377054e5
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 94930741..478ee29 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -15637,6 +15637,13 @@
@Override
public boolean isPackageDeviceAdminOnAnyUser(String packageName) {
+ final int callingUid = Binder.getCallingUid();
+ if (checkUidPermission(android.Manifest.permission.MANAGE_USERS, callingUid)
+ != PERMISSION_GRANTED) {
+ EventLog.writeEvent(0x534e4554, "128599183", -1, "");
+ throw new SecurityException(android.Manifest.permission.MANAGE_USERS
+ + " permission is required to call this API");
+ }
return isPackageDeviceAdmin(packageName, UserHandle.USER_ALL);
}
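Review bot: The EventLog.writeEvent(0x534e4554, "128599183", -1, "") call in the rejection branch logs a uid of -1 even though callingUid is already in scope from the first added line; passing callingUid there would let the log entry identify which caller was denied. The SecurityException message could include the calling uid for the same reason. The method also gains a caller requirement with no comment or Javadoc stating it, so a short note above the @Override that MANAGE_USERS is required would save callers from discovering it through the exception.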