Remove extra checks for content protection policy, add to lists
Bug: 321718961
Test: N/A
Change-Id: Ia9e25d900422cf0d85dd1de48458a24b691886fb
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 05d1c49..7efefeb 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -22286,6 +22286,7 @@
MANAGE_DEVICE_POLICY_CAMERA,
MANAGE_DEVICE_POLICY_CERTIFICATES,
MANAGE_DEVICE_POLICY_COMMON_CRITERIA_MODE,
+ MANAGE_DEVICE_POLICY_CONTENT_PROTECTION,
MANAGE_DEVICE_POLICY_DEBUGGING_FEATURES,
MANAGE_DEVICE_POLICY_DEFAULT_SMS,
MANAGE_DEVICE_POLICY_DISPLAY,
@@ -22369,6 +22370,7 @@
MANAGE_DEVICE_POLICY_CALLS,
MANAGE_DEVICE_POLICY_CAMERA,
MANAGE_DEVICE_POLICY_CERTIFICATES,
+ MANAGE_DEVICE_POLICY_CONTENT_PROTECTION,
MANAGE_DEVICE_POLICY_DEBUGGING_FEATURES,
MANAGE_DEVICE_POLICY_DISPLAY,
MANAGE_DEVICE_POLICY_FACTORY_RESET,
@@ -23184,38 +23186,6 @@
}
}
- private EnforcingAdmin enforceCanCallContentProtectionLocked(
- ComponentName who, String callerPackageName) {
- CallerIdentity caller = getCallerIdentity(who, callerPackageName);
- final int userId = caller.getUserId();
-
- EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin(
- who,
- MANAGE_DEVICE_POLICY_CONTENT_PROTECTION,
- caller.getPackageName(),
- userId
- );
- if ((isDeviceOwner(caller) || isProfileOwner(caller))
- && !canDPCManagedUserUseLockTaskLocked(userId)) {
- throw new SecurityException(
- "User " + userId + " is not allowed to use content protection");
- }
- return enforcingAdmin;
- }
-
- private void enforceCanQueryContentProtectionLocked(
- ComponentName who, String callerPackageName) {
- CallerIdentity caller = getCallerIdentity(who, callerPackageName);
- final int userId = caller.getUserId();
-
- enforceCanQuery(MANAGE_DEVICE_POLICY_CONTENT_PROTECTION, caller.getPackageName(), userId);
- if ((isDeviceOwner(caller) || isProfileOwner(caller))
- && !canDPCManagedUserUseLockTaskLocked(userId)) {
- throw new SecurityException(
- "User " + userId + " is not allowed to use content protection");
- }
- }
-
@Override
public void setContentProtectionPolicy(
ComponentName who, String callerPackageName, @ContentProtectionPolicy int policy)
@@ -23225,24 +23195,21 @@
}
CallerIdentity caller = getCallerIdentity(who, callerPackageName);
+ int userId = caller.getUserId();
checkCanExecuteOrThrowUnsafe(DevicePolicyManager.OPERATION_SET_CONTENT_PROTECTION_POLICY);
-
- EnforcingAdmin enforcingAdmin;
- synchronized (getLockObject()) {
- enforcingAdmin = enforceCanCallContentProtectionLocked(who, caller.getPackageName());
- }
+ EnforcingAdmin enforcingAdmin =
+ enforcePermissionAndGetEnforcingAdmin(
+ who, MANAGE_DEVICE_POLICY_CONTENT_PROTECTION, callerPackageName, userId);
if (policy == CONTENT_PROTECTION_DISABLED) {
mDevicePolicyEngine.removeLocalPolicy(
- PolicyDefinition.CONTENT_PROTECTION,
- enforcingAdmin,
- caller.getUserId());
+ PolicyDefinition.CONTENT_PROTECTION, enforcingAdmin, userId);
} else {
mDevicePolicyEngine.setLocalPolicy(
PolicyDefinition.CONTENT_PROTECTION,
enforcingAdmin,
new IntegerPolicyValue(policy),
- caller.getUserId());
+ userId);
}
}
@@ -23254,13 +23221,11 @@
}
CallerIdentity caller = getCallerIdentity(who, callerPackageName);
- final int userHandle = caller.getUserId();
+ int userId = caller.getUserId();
+ enforceCanQuery(MANAGE_DEVICE_POLICY_CONTENT_PROTECTION, callerPackageName, userId);
- synchronized (getLockObject()) {
- enforceCanQueryContentProtectionLocked(who, caller.getPackageName());
- }
- Integer policy = mDevicePolicyEngine.getResolvedPolicy(
- PolicyDefinition.CONTENT_PROTECTION, userHandle);
+ Integer policy =
+ mDevicePolicyEngine.getResolvedPolicy(PolicyDefinition.CONTENT_PROTECTION, userId);
if (policy == null) {
return CONTENT_PROTECTION_DISABLED;
} else {