commit 342fd8348361a866c4e80eaf7383bdb0bd536736
author kholoud mohamed <kholoudm@google.com> Wed Jun 09 15:05:18 2021 +0100
committer Kholoud Mohamed <kholoudm@google.com> Thu Jun 10 13:49:25 2021 +0000
tree eea7752098525e7213b68f037286a7a23372edea
parent 271c600617c66e97afca9354843b54b1b02a4865

Fix security vulnerability in DPMS

Changed DPMS#isPackageAllowedToAccessCalendarForUser to always require
INTERACT_ACROSS_USERS/_FULL permission if called for a different uid
than the calling uid.

Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest
Bug: 187043716
Change-Id: I230bbffbdf97c251c8a40add097b3b4254d39452