Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_base / edab0461fd458d810550dcf69df919d241e5eb93^! / .
commitedab0461fd458d810550dcf69df919d241e5eb93[log] [tgz]
authorRubin Xu <rubinxu@google.com>Fri Jan 03 20:26:28 2025 +0000
committerRubin Xu <rubinxu@google.com>Fri Jan 03 20:26:28 2025 +0000
tree71de7ab2067dbd799104bb923ba4b93c1c417eb3
parent8bd6ab3a84e4db6cdb8429759be8c57a11ea9a80 [diff]
Fix DPM.getScreenCaptureDisabled on parent user

Bug: 265431659
Test: ScreenCaptureDisabledTest
Flag: EXEMPT bugfix
Change-Id: I522e00ce48d5e80f7237e990b7cb2ee3fe4c4111

diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 2627895..e9eafd3 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

@@ -8909,11 +8909,15 @@
 
         if (parent) {
             Preconditions.checkCallAuthorization(
-                    isProfileOwnerOfOrganizationOwnedDevice(getCallerIdentity().getUserId()));
+                    isProfileOwnerOfOrganizationOwnedDevice(caller.getUserId()));
+            // If a DPC is querying on the parent instance, make sure it's only querying the parent
+            // user of itself. Querying any other user is not allowed.
+            Preconditions.checkArgument(caller.getUserId() == userHandle);
         }
+        int affectedUserId = parent ? getProfileParentId(userHandle) : userHandle;
         Boolean disallowed = mDevicePolicyEngine.getResolvedPolicy(
                 PolicyDefinition.SCREEN_CAPTURE_DISABLED,
-                userHandle);
+                affectedUserId);
         return disallowed != null && disallowed;
     }