Require TRIGGER_LOST_MODE permission for sendLostModeLocationUpdate
Changes:
* Use TRIGGER_LOST_MODE permission to gate the
DevicePolicyManager API sendLostModeLocationUpdate
Bug: 206945072
Test: atest android.devicepolicy.cts.LostModeLocationTest
Change-Id: If15388a377c75b7581c9c2a35b3d9828f78e13fc
diff --git a/core/api/system-current.txt b/core/api/system-current.txt
index 21384e6e..adff739 100644
--- a/core/api/system-current.txt
+++ b/core/api/system-current.txt
@@ -1104,7 +1104,7 @@
method @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public void provisionFullyManagedDevice(@NonNull android.app.admin.FullyManagedDeviceProvisioningParams) throws android.app.admin.ProvisioningException;
method @RequiresPermission(android.Manifest.permission.UPDATE_DEVICE_MANAGEMENT_RESOURCES) public void resetDrawables(@NonNull String[]);
method @RequiresPermission(android.Manifest.permission.UPDATE_DEVICE_MANAGEMENT_RESOURCES) public void resetStrings(@NonNull String[]);
- method @RequiresPermission(android.Manifest.permission.SEND_LOST_MODE_LOCATION_UPDATES) public void sendLostModeLocationUpdate(@NonNull java.util.concurrent.Executor, @NonNull java.util.function.Consumer<java.lang.Boolean>);
+ method @RequiresPermission(android.Manifest.permission.TRIGGER_LOST_MODE) public void sendLostModeLocationUpdate(@NonNull java.util.concurrent.Executor, @NonNull java.util.function.Consumer<java.lang.Boolean>);
method @Deprecated @RequiresPermission(android.Manifest.permission.MANAGE_DEVICE_ADMINS) public boolean setActiveProfileOwner(@NonNull android.content.ComponentName, String) throws java.lang.IllegalArgumentException;
method @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public void setDeviceProvisioningConfigApplied();
method @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public void setDpcDownloaded(boolean);
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index 9a7093e..24ef167 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -6070,7 +6070,7 @@
* organization-owned managed profile.
*
* <p>The caller must hold the
- * {@link android.Manifest.permission#SEND_LOST_MODE_LOCATION_UPDATES} permission.
+ * {@link android.Manifest.permission#TRIGGER_LOST_MODE} permission.
*
* <p> Not for use by third-party applications.
*
@@ -6080,7 +6080,7 @@
* @hide
*/
@SystemApi
- @RequiresPermission(android.Manifest.permission.SEND_LOST_MODE_LOCATION_UPDATES)
+ @RequiresPermission(android.Manifest.permission.TRIGGER_LOST_MODE)
public void sendLostModeLocationUpdate(@NonNull @CallbackExecutor Executor executor,
@NonNull Consumer<Boolean> callback) {
throwIfParentInstance("sendLostModeLocationUpdate");
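Review bot: The `@RequiresPermission` swap on `sendLostModeLocationUpdate` leaves the fate of `SEND_LOST_MODE_LOCATION_UPDATES` unstated: no hunk in this change removes or deprecates its declaration, so it may remain a grantable permission that no longer gates anything. A privileged caller allowlisted only for the old permission would presumably start failing the authorization check with no hint as to why. I would record the transition in the commit message or Javadoc, for example `Previously gated by SEND_LOST_MODE_LOCATION_UPDATES, which no longer grants access.`, and retire the old declaration in the same change if nothing else uses it. The method body continues outside the hunk.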
diff --git a/packages/Shell/AndroidManifest.xml b/packages/Shell/AndroidManifest.xml
index f0b180e..404ee11 100644
--- a/packages/Shell/AndroidManifest.xml
+++ b/packages/Shell/AndroidManifest.xml
@@ -110,7 +110,7 @@
<uses-permission android:name="android.permission.ACCESS_NOTIFICATION_POLICY" />
<uses-permission android:name="android.permission.READ_INSTALL_SESSIONS" />
<uses-permission android:name="android.permission.USE_FULL_SCREEN_INTENT" />
- <uses-permission android:name="android.permission.SEND_LOST_MODE_LOCATION_UPDATES" />
+ <uses-permission android:name="android.permission.TRIGGER_LOST_MODE" />
<!-- ACCESS_BACKGROUND_LOCATION is needed for testing purposes only. -->
<uses-permission android:name="android.permission.ACCESS_BACKGROUND_LOCATION" />
<!-- ACCESS_MTP is needed for testing purposes only. -->
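Review bot: The new `TRIGGER_LOST_MODE` entry gives the shell UID a permission that, going by its name, covers more than requesting a location update, so this swap may widen what an adb shell session can do beyond what the CTS test named in the commit message needs. The neighbouring entries state their purpose (`ACCESS_BACKGROUND_LOCATION is needed for testing purposes only.`) and this one does not. If the grant exists only for that test, say so with `<!-- TRIGGER_LOST_MODE is needed for testing purposes only. -->` above the line. It is also worth confirming that no other API gated by this permission becomes reachable from shell unintentionally.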
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 8977390..ab51682 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -7225,7 +7225,7 @@
return;
}
Preconditions.checkCallAuthorization(
- hasCallingOrSelfPermission(permission.SEND_LOST_MODE_LOCATION_UPDATES));
+ hasCallingOrSelfPermission(permission.TRIGGER_LOST_MODE));
synchronized (getLockObject()) {
final ActiveAdmin admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked(
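Review bot: Gating on `hasCallingOrSelfPermission(permission.TRIGGER_LOST_MODE)` folds a location-disclosure capability into a permission whose name suggests a different action, so every existing holder of `TRIGGER_LOST_MODE` can now request the location of an organization-owned device. That is a least-privilege trade-off worth recording at the check, e.g. `// TRIGGER_LOST_MODE deliberately covers location updates too; holders can request the device location.` The `return;` above the check also lets one path exit before authorization is evaluated; its condition is outside the hunk, so confirm that path reveals nothing to an unprivileged caller. The method starts and ends outside the hunk.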
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
index f1236a6..cdc1e65 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
@@ -8459,7 +8459,7 @@
@Test
public void testSendLostModeLocationUpdate_notOrganizationOwnedDevice() {
- mContext.callerPermissions.add(permission.SEND_LOST_MODE_LOCATION_UPDATES);
+ mContext.callerPermissions.add(permission.TRIGGER_LOST_MODE);
assertThrows(IllegalStateException.class, () -> dpm.sendLostModeLocationUpdate(
getServices().executor, /* empty callback */ result -> {}));
}
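Review bot: The three test hunks (this one, `testSendLostModeLocationUpdate_asDeviceOwner`, and the managed-profile case after it) only swap which permission the tests grant before the call, so nothing visible pins that the old permission is now rejected. Unless that is already covered outside these hunks, add a case that grants only the old permission, `mContext.callerPermissions.add(permission.SEND_LOST_MODE_LOCATION_UPDATES);`, and expects `assertThrows(SecurityException.class, ...)` from `dpm.sendLostModeLocationUpdate`. This assumes the old constant is still declared; if it is being removed, a test that grants no permission at all serves the same purpose.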
@@ -8467,7 +8467,7 @@
@Test
public void testSendLostModeLocationUpdate_asDeviceOwner() throws Exception {
final String TEST_PROVIDER = "network";
- mContext.callerPermissions.add(permission.SEND_LOST_MODE_LOCATION_UPDATES);
+ mContext.callerPermissions.add(permission.TRIGGER_LOST_MODE);
setDeviceOwner();
when(getServices().locationManager.getAllProviders()).thenReturn(List.of(TEST_PROVIDER));
when(getServices().locationManager.isProviderEnabled(TEST_PROVIDER)).thenReturn(true);
@@ -8484,7 +8484,7 @@
final int MANAGED_PROFILE_ADMIN_UID =
UserHandle.getUid(CALLER_USER_HANDLE, DpmMockContext.SYSTEM_UID);
mContext.binder.callingUid = MANAGED_PROFILE_ADMIN_UID;
- mContext.callerPermissions.add(permission.SEND_LOST_MODE_LOCATION_UPDATES);
+ mContext.callerPermissions.add(permission.TRIGGER_LOST_MODE);
addManagedProfile(admin1, MANAGED_PROFILE_ADMIN_UID, admin1);
configureProfileOwnerOfOrgOwnedDevice(admin1, CALLER_USER_HANDLE);
when(getServices().locationManager.getAllProviders()).thenReturn(List.of(TEST_PROVIDER));