Add missing check in hasGrantedPolicy

Add check that if component name is specified, it belong to the caller. Bug: 192247339 Test: NA Change-Id: I6f821d039a6dfd70fb005165af2c5cb13ad3de9b Merged-In: I6f821d039a6dfd70fb005165af2c5cb13ad3de9b (cherry picked from commit c7abd726dd508e327073df0293fcf9084c7004f0)
author: Ayush Sharma <ayushsha@google.com> 2021-09-13 14:27:52 +0000
committer: Ayush Sharma <ayushsha@google.com> 2021-09-16 12:06:24 +0000
commit: 251176e7748794928132121ac4f4390a55f34320 (patch)
tree: 868ee429495c4ec3d4339fb5daeedfebc8e4af63
parent: 4f3715c78dc7cecedbd6d052d08fe5407232e825 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 193d92a3b2ff..dca12245a6c2 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -3599,6 +3599,9 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
 
         final CallerIdentity caller = getCallerIdentity();
         Preconditions.checkCallAuthorization(hasFullCrossUsersPermission(caller, userHandle));
+        Preconditions.checkCallAuthorization(
+                isCallingFromPackage(adminReceiver.getPackageName(), caller.getUid())
+                        || isSystemUid(caller));
 
         synchronized (getLockObject()) {
             ActiveAdmin administrator = getActiveAdminUncheckedLocked(adminReceiver, userHandle);
author	Ayush Sharma <ayushsha@google.com>	2021-09-13 14:27:52 +0000
committer	Ayush Sharma <ayushsha@google.com>	2021-09-16 12:06:24 +0000
commit	251176e7748794928132121ac4f4390a55f34320 (patch)
tree	868ee429495c4ec3d4339fb5daeedfebc8e4af63
parent	4f3715c78dc7cecedbd6d052d08fe5407232e825 (diff)