Merge "Give the PO the MANAGE_DEVICE_POLICY_CERTIFICATES permission" into udc-dev am: e8899cf651 am: 5263ffa52d
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/22760257
Change-Id: I08161a8173964fee6f6c02e8d7a45d150fae39fd
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 675ebd3..dedc073 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -10748,7 +10748,9 @@
@VisibleForTesting
boolean hasDeviceIdAccessUnchecked(String packageName, int uid) {
final int userId = UserHandle.getUserId(uid);
- if (isPermissionCheckFlagEnabled()) {
+ // TODO(b/280048070): Introduce a permission to handle device ID access
+ if (isPermissionCheckFlagEnabled()
+ && !(isUidProfileOwnerLocked(uid) || isUidDeviceOwnerLocked(uid))) {
return hasPermission(MANAGE_DEVICE_POLICY_CERTIFICATES, packageName, userId);
} else {
ComponentName deviceOwner = getDeviceOwnerComponent(true);
@@ -22930,6 +22932,7 @@
MANAGE_DEVICE_POLICY_LOCATION,
MANAGE_DEVICE_POLICY_LOCK,
MANAGE_DEVICE_POLICY_LOCK_CREDENTIALS,
+ MANAGE_DEVICE_POLICY_CERTIFICATES,
MANAGE_DEVICE_POLICY_NEARBY_COMMUNICATION,
MANAGE_DEVICE_POLICY_ORGANIZATION_IDENTITY,
MANAGE_DEVICE_POLICY_PACKAGE_STATE,