Gitiles
Code Review Sign In
review.blissroms.org / platform_frameworks_base / 8668395a6d6a5767cd92973da84e8cc83cdebeac
commit8668395a6d6a5767cd92973da84e8cc83cdebeac[log] [tgz]
authorRubin Xu <rubinxu@google.com>Wed Jan 24 17:27:25 2024 +0000
committerRubin Xu <rubinxu@google.com>Tue Feb 13 19:19:36 2024 +0000
treef4a37519adf36f1f2115f240966edd8754d371e3
parent9027446c37c6e5a2d61ebc063d4a9c27294b5ea9 [diff]
Make zero trust related APIs callable by permission holders

1. getEnrollmentSpecificId
This is currently callable by DO, PO and DELEGATION_CERT_INSTALL
delegates. Convert this to MANAGE_DEVICE_POLICY_CERTIFICATES
permission which DO, PO and DELEGATION_CERT_INSTALL all holds
already (the DMRH also has this permission granted already)

2. getPendingSystemUpdate
A new MANAGE_DEVICE_POLICY_SYSTEM_UPDATE_INFO permission is added
to guard getPendingSystemUpdate. We also allow system update
services (identified by the existing NOTIFY_PENDING_SYSTEM_UPDATE
permission) who sets system update information to retrieve
what it previously set via getPendingSystemUpdate.

3. notifyPendingSystemUpdate
Also send ACTION_NOTIFY_PENDING_SYSTEM_UPDATE to all instances of
the Device Management Role Holder.

Bug: 254653320
Bug: 289520697
Test: EnrollmentSpecificIdTest
      android.devicepolicy.cts.PendingSystemUpdateTest
      android.permissionpolicy.cts

Change-Id: I35367d115564f624fa8b3302c8ed4e2825c67893
4 files changed
tree: f4a37519adf36f1f2115f240966edd8754d371e3
  1. .prebuilt_info/
  2. apct-tests/
  3. apex/
  4. api/
  5. boot/
  6. cmds/
  7. config/
  8. core/
  9. data/
  10. docs/
  11. drm/
  12. errorprone/
  13. graphics/
  14. identity/
  15. keystore/
  16. libs/
  17. location/
  18. media/
  19. mime/
  20. mms/
  21. native/
  22. nfc/
  23. nfc-extras/
  24. obex/
  25. omapi/
  26. opengl/
  27. packages/
  28. proto/
  29. ravenwood/
  30. rs/
  31. samples/
  32. sax/
  33. services/
  34. startop/
  35. telecomm/
  36. telephony/
  37. test-base/
  38. test-legacy/
  39. test-mock/
  40. test-runner/
  41. tests/
  42. tools/
  43. wifi/
  44. .clang-format
  45. .gitignore
  46. .mailmap
  47. AconfigFlags.bp
  48. ADPF_OWNERS
  49. Android.bp
  50. Android.mk
  51. BAL_OWNERS
  52. BATTERY_STATS_OWNERS
  53. BROADCASTS_OWNERS
  54. CleanSpec.mk
  55. framework-jarjar-rules.txt
  56. GAME_MANAGER_OWNERS
  57. INPUT_OWNERS
  58. INTENT_OWNERS
  59. ktfmt_includes.txt
  60. lint-baseline.xml
  61. MEMORY_OWNERS
  62. METADATA
  63. MODULE_LICENSE_APACHE2
  64. MULTIUSER_OWNERS
  65. NOTICE
  66. OWNERS
  67. OWNERS.md
  68. PACKAGE_MANAGER_OWNERS
  69. pathmap.mk
  70. PERFORMANCE_OWNERS
  71. PREUPLOAD.cfg
  72. ProtoLibraries.bp
  73. Ravenwood.bp
  74. SECURITY_STATE_OWNERS
  75. SQLITE_OWNERS
  76. TEST_MAPPING
  77. TestProtoLibraries.bp
  78. THERMAL_OWNERS
  79. TRACE_OWNERS
  80. WEAR_OWNERS
  81. ZYGOTE_OWNERS