author | Jordan Jozwiak <jjoz@google.com> | 2020-05-19 13:58:53 -0700 |
---|---|---|
committer | Jordan Jozwiak <jjoz@google.com> | 2020-06-04 19:21:31 +0000 |
commit | 9ead5a3c056761a54ea068e67134db5f2776bdd3 (patch) | |
tree | c79e8fae3d49fec96143928d6989d39203f92d57 /services/devicepolicy | |
parent | 3a9ceed26b23170ba544b4dfc2e9d9d32eddc01e (diff) |
DO NOT MERGE - Allow locking with feature or permission
Instead of requiring the DEVICE_ADMIN feature, we accept either
the feature or the appropriate permission.
Bug: 133240910
Test: Manual testing
Verify that API executes when on a device without DEVICE_ADMIN
when the caller has the LOCK_DEVICE permission.
Change-Id: I30bd0dc81d9d7b7ed5503a926066caffb389b9c0
(cherry picked from commit 3cc489b7f3dfcbe66a469bfce948884aec852ee4)
Diffstat (limited to 'services/devicepolicy')
-rw-r--r-- | services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index 60d59b2a7558..037d12cdc83e 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -629,7 +629,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { /** * Whether or not device admin feature is supported. If it isn't return defaults for all - * public methods. + * public methods, unless the caller has the appropriate permission for a particular method. */ final boolean mHasFeature; @@ -5993,7 +5993,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { @Override public void lockNow(int flags, boolean parent) { - if (!mHasFeature) { + if (!mHasFeature && mContext.checkCallingPermission(android.Manifest.permission.LOCK_DEVICE) + != PackageManager.PERMISSION_GRANTED) { return; } |
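Review bot: In the mHasFeature Javadoc hunk (@@ -629,7), "the appropriate permission for a particular method" does not tell a reader which methods bypass the feature gate or which permission each one accepts. In this patch only lockNow does, and only for LOCK_DEVICE. Naming that method and permission here, or pointing to a per-method comment, would keep the field's contract auditable if more exceptions are added later.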
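Review bot: In the lockNow hunk (@@ -5993,7), mContext.checkCallingPermission(...) only succeeds while the service is handling an incoming IPC from another process, so a caller running inside the system process on a device without the feature still hits the silent return. If that caller should be allowed, checkCallingOrSelfPermission is the usual choice; if not, a one-line comment saying so would help. The new condition also lets execution continue past this guard with mHasFeature false, and the rest of lockNow is not visible in this hunk, so it is worth confirming that the code below the guard does not rely on device-admin state that exists only when the feature is present. For readability, the wrapped "!= PackageManager.PERMISSION_GRANTED) {" line could be replaced by a local boolean holding the permission result.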