Require TRIGGER_LOST_MODE permission for sendLostModeLocationUpdate
Changes:
* Use TRIGGER_LOST_MODE permission to gate the
DevicePolicyManager API sendLostModeLocationUpdate
Bug: 223148704
Test: atest android.devicepolicy.cts.LostModeLocationTest
Change-Id: If15388a377c75b7581c9c2a35b3d9828f78e13fc
Merged-In: If15388a377c75b7581c9c2a35b3d9828f78e13fc
diff --git a/core/api/system-current.txt b/core/api/system-current.txt
index 57107c2..0e9980f 100644
--- a/core/api/system-current.txt
+++ b/core/api/system-current.txt
@@ -1108,7 +1108,7 @@
method @RequiresPermission("android.permission.NOTIFY_PENDING_SYSTEM_UPDATE") public void notifyPendingSystemUpdate(long, boolean);
method @RequiresPermission(android.Manifest.permission.INTERACT_ACROSS_USERS_FULL) public boolean packageHasActiveAdmins(String);
method @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS, android.Manifest.permission.PROVISION_DEMO_DEVICE}) public void provisionFullyManagedDevice(@NonNull android.app.admin.FullyManagedDeviceProvisioningParams) throws android.app.admin.ProvisioningException;
- method @RequiresPermission(android.Manifest.permission.SEND_LOST_MODE_LOCATION_UPDATES) public void sendLostModeLocationUpdate(@NonNull java.util.concurrent.Executor, @NonNull java.util.function.Consumer<java.lang.Boolean>);
+ method @RequiresPermission(android.Manifest.permission.TRIGGER_LOST_MODE) public void sendLostModeLocationUpdate(@NonNull java.util.concurrent.Executor, @NonNull java.util.function.Consumer<java.lang.Boolean>);
method @Deprecated @RequiresPermission(android.Manifest.permission.MANAGE_DEVICE_ADMINS) public boolean setActiveProfileOwner(@NonNull android.content.ComponentName, String) throws java.lang.IllegalArgumentException;
method @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public void setDeviceProvisioningConfigApplied();
method @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public void setDpcDownloaded(boolean);
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index 82e5ebf..df6627c 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -6197,7 +6197,7 @@
* organization-owned managed profile.
*
* <p>The caller must hold the
- * {@link android.Manifest.permission#SEND_LOST_MODE_LOCATION_UPDATES} permission.
+ * {@link android.Manifest.permission#TRIGGER_LOST_MODE} permission.
*
* <p> Not for use by third-party applications.
*
@@ -6207,7 +6207,7 @@
* @hide
*/
@SystemApi
- @RequiresPermission(android.Manifest.permission.SEND_LOST_MODE_LOCATION_UPDATES)
+ @RequiresPermission(android.Manifest.permission.TRIGGER_LOST_MODE)
public void sendLostModeLocationUpdate(@NonNull @CallbackExecutor Executor executor,
@NonNull Consumer<Boolean> callback) {
throwIfParentInstance("sendLostModeLocationUpdate");
diff --git a/packages/Shell/AndroidManifest.xml b/packages/Shell/AndroidManifest.xml
index 955aee9..03384a2 100644
--- a/packages/Shell/AndroidManifest.xml
+++ b/packages/Shell/AndroidManifest.xml
@@ -110,7 +110,7 @@
<uses-permission android:name="android.permission.ACCESS_NOTIFICATION_POLICY" />
<uses-permission android:name="android.permission.READ_INSTALL_SESSIONS" />
<uses-permission android:name="android.permission.USE_FULL_SCREEN_INTENT" />
- <uses-permission android:name="android.permission.SEND_LOST_MODE_LOCATION_UPDATES" />
+ <uses-permission android:name="android.permission.TRIGGER_LOST_MODE" />
<!-- ACCESS_BACKGROUND_LOCATION is needed for testing purposes only. -->
<uses-permission android:name="android.permission.ACCESS_BACKGROUND_LOCATION" />
<!-- ACCESS_MTP is needed for testing purposes only. -->
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 55e504a..486b6a1 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -7233,7 +7233,7 @@
return;
}
Preconditions.checkCallAuthorization(
- hasCallingOrSelfPermission(permission.SEND_LOST_MODE_LOCATION_UPDATES));
+ hasCallingOrSelfPermission(permission.TRIGGER_LOST_MODE));
synchronized (getLockObject()) {
final ActiveAdmin admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked(
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
index 484dc84..197c21f 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
@@ -8455,7 +8455,7 @@
@Test
public void testSendLostModeLocationUpdate_notOrganizationOwnedDevice() {
- mContext.callerPermissions.add(permission.SEND_LOST_MODE_LOCATION_UPDATES);
+ mContext.callerPermissions.add(permission.TRIGGER_LOST_MODE);
assertThrows(IllegalStateException.class, () -> dpm.sendLostModeLocationUpdate(
getServices().executor, /* empty callback */ result -> {}));
}
@@ -8463,7 +8463,7 @@
@Test
public void testSendLostModeLocationUpdate_asDeviceOwner() throws Exception {
final String TEST_PROVIDER = "network";
- mContext.callerPermissions.add(permission.SEND_LOST_MODE_LOCATION_UPDATES);
+ mContext.callerPermissions.add(permission.TRIGGER_LOST_MODE);
setDeviceOwner();
when(getServices().locationManager.getAllProviders()).thenReturn(List.of(TEST_PROVIDER));
when(getServices().locationManager.isProviderEnabled(TEST_PROVIDER)).thenReturn(true);
@@ -8480,7 +8480,7 @@
final int MANAGED_PROFILE_ADMIN_UID =
UserHandle.getUid(CALLER_USER_HANDLE, DpmMockContext.SYSTEM_UID);
mContext.binder.callingUid = MANAGED_PROFILE_ADMIN_UID;
- mContext.callerPermissions.add(permission.SEND_LOST_MODE_LOCATION_UPDATES);
+ mContext.callerPermissions.add(permission.TRIGGER_LOST_MODE);
addManagedProfile(admin1, MANAGED_PROFILE_ADMIN_UID, admin1);
configureProfileOwnerOfOrgOwnedDevice(admin1, CALLER_USER_HANDLE);
when(getServices().locationManager.getAllProviders()).thenReturn(List.of(TEST_PROVIDER));