Fix DevicePolicyManager.isBackupServiceEnabled() breakage.

http://ag/12885739 introduced a enforceCallingPermission(BACKUP) check but callers of this API do not hold that permission. This CL fixes this by changing the check to enforceCallingOrSelfPermission(BACKUP), and clearing the binder identity in DevicePolicyManagerService, which makes the system server process the owner of that call. Bug: 158482162 Bug: 172466964 Test: atest com.android.cts.devicepolicy.{Device,Profile}OwnerTest#testBackupServiceEnabling Change-Id: I11d863229c4d62a058aaf37446a694b9c73ae5b8 Merged-In: I11d863229c4d62a058aaf37446a694b9c73ae5b8 (cherry picked from commit 630dec9eb496bc70db44c4f0b4196ea91e7df6cb)
author: Tobias Thierer <tobiast@google.com> 2020-12-10 13:46:08 +0000
committer: Tobias Thierer <tobiast@google.com> 2020-12-11 00:55:44 +0000
commit: dabbcf5903dc6838488fe67bee1f97cc5078cc5a (patch)
tree: 0bdf53379c4f0132a2903fccda8017a53da674b6 /services/devicepolicy
parent: c6d183923ced854d78896b2ea6d7db21a65c5f45 (diff)
1 files changed, 10 insertions, 8 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index bf10526aeec2..dd83780826e5 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -14454,15 +14454,17 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
         }
 
         enforceProfileOrDeviceOwner(admin);
-        synchronized (getLockObject()) {
-            try {
-                IBackupManager ibm = mInjector.getIBackupManager();
-                return ibm != null && ibm.isBackupServiceActive(
-                    mInjector.userHandleGetCallingUserId());
-            } catch (RemoteException e) {
-                throw new IllegalStateException("Failed requesting backup service state.", e);
+        final int userId = mInjector.userHandleGetCallingUserId();
+        return mInjector.binderWithCleanCallingIdentity(() -> {
+            synchronized (getLockObject()) {
+                try {
+                    IBackupManager ibm = mInjector.getIBackupManager();
+                    return ibm != null && ibm.isBackupServiceActive(userId);
+                } catch (RemoteException e) {
+                    throw new IllegalStateException("Failed requesting backup service state.", e);
+                }
             }
-        }
+        });
     }
 
     @Override
author	Tobias Thierer <tobiast@google.com>	2020-12-10 13:46:08 +0000
committer	Tobias Thierer <tobiast@google.com>	2020-12-11 00:55:44 +0000
commit	dabbcf5903dc6838488fe67bee1f97cc5078cc5a (patch)
tree	0bdf53379c4f0132a2903fccda8017a53da674b6 /services/devicepolicy
parent	c6d183923ced854d78896b2ea6d7db21a65c5f45 (diff)