Merge "Prevent uninstalling the device management role" into tm-qpr-dev am: 2c11df7fe4
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/20691226
Change-Id: I8668e884169aafeae7d6be87dbc4646e38a343ca
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index b7b3326..1ea0984 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -3211,6 +3211,7 @@
return isPackageDeviceAdmin(packageName, UserHandle.USER_ALL);
}
+ // TODO(b/261957226): centralise this logic in DPM
boolean isPackageDeviceAdmin(String packageName, int userId) {
final IDevicePolicyManager dpm = getDevicePolicyManager();
try {
@@ -3237,6 +3238,9 @@
if (dpm.packageHasActiveAdmins(packageName, users[i])) {
return true;
}
+ if (isDeviceManagementRoleHolder(packageName, users[i])) {
+ return true;
+ }
}
}
} catch (RemoteException e) {
@@ -3244,6 +3248,24 @@
return false;
}
+ private boolean isDeviceManagementRoleHolder(String packageName, int userId) {
+ return Objects.equals(packageName, getDevicePolicyManagementRoleHolderPackageName(userId));
+ }
+
+ @Nullable
+ private String getDevicePolicyManagementRoleHolderPackageName(int userId) {
+ return Binder.withCleanCallingIdentity(() -> {
+ RoleManager roleManager = mContext.getSystemService(RoleManager.class);
+ List<String> roleHolders =
+ roleManager.getRoleHoldersAsUser(
+ RoleManager.ROLE_DEVICE_POLICY_MANAGEMENT, UserHandle.of(userId));
+ if (roleHolders.isEmpty()) {
+ return null;
+ }
+ return roleHolders.get(0);
+ });
+ }
+
/** Returns the device policy manager interface. */
private IDevicePolicyManager getDevicePolicyManager() {
if (mDevicePolicyManager == null) {