From cd8d052f25b5b912a65e345b52da6eea5bd99736 Mon Sep 17 00:00:00 2001
From: Sudheer Shanka <sudheersai@google.com>
Date: Mon, 18 Jan 2016 15:03:57 +0000
Subject: [PATCH] Check for MANAGE_DEVICE_ADMINS permission instead of uids.

Currently, in ShowAdminSupportDetailsDialog we use uid check to
restrict only system to pass extras. Relaxing that condition to
allow any package with MANAGE_DEVICE_ADMINS permission to pass extras.

Change-Id: I0351c1f82321b2304a61b5831788806636402610
---
 .../ShowAdminSupportDetailsDialog.java        | 27 ++++++++++++-------
 1 file changed, 17 insertions(+), 10 deletions(-)

diff --git a/src/com/android/settings/ShowAdminSupportDetailsDialog.java b/src/com/android/settings/ShowAdminSupportDetailsDialog.java
index 85e90cf8d87..bc7168f25fc 100644
--- a/src/com/android/settings/ShowAdminSupportDetailsDialog.java
+++ b/src/com/android/settings/ShowAdminSupportDetailsDialog.java
@@ -26,6 +26,7 @@ import android.content.ComponentName;
 import android.content.DialogInterface;
 import android.content.Intent;
 import android.content.pm.ActivityInfo;
+import android.content.pm.PackageManager;
 import android.graphics.drawable.Drawable;
 import android.os.Bundle;
 import android.os.RemoteException;
@@ -52,16 +53,10 @@ public class ShowAdminSupportDetailsDialog extends Activity
         int userId = UserHandle.myUserId();
         Intent intent = getIntent();
         if (intent != null) {
-            IActivityManager am = ActivityManagerNative.getDefault();
-            try {
-                int uid = am.getLaunchedFromUid(getActivityToken());
-                // Only allow system to specify admin and user.
-                if (UserHandle.isSameApp(uid, android.os.Process.myUid())) {
-                    admin = intent.getParcelableExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN);
-                    userId = intent.getIntExtra(Intent.EXTRA_USER_ID, UserHandle.myUserId());
-                }
-            } catch (RemoteException e) {
-                Log.e(TAG, "Could not talk to activity manager.", e);
+            // Only allow apps with MANAGE_DEVICE_ADMINS permission to specify admin and user.
+            if (checkIfCallerHasPermission(android.Manifest.permission.MANAGE_DEVICE_ADMINS)) {
+                admin = intent.getParcelableExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN);
+                userId = intent.getIntExtra(Intent.EXTRA_USER_ID, UserHandle.myUserId());
             }
         }
 
@@ -76,6 +71,18 @@ public class ShowAdminSupportDetailsDialog extends Activity
                 .show();
     }
 
+    private boolean checkIfCallerHasPermission(String permission) {
+        IActivityManager am = ActivityManagerNative.getDefault();
+        try {
+            final int uid = am.getLaunchedFromUid(getActivityToken());
+            return AppGlobals.getPackageManager().checkUidPermission(permission, uid)
+                    == PackageManager.PERMISSION_GRANTED;
+        } catch (RemoteException e) {
+            Log.e(TAG, "Could not talk to activity manager.", e);
+        }
+        return false;
+    }
+
     private void setAdminSupportDetails(View root, final ComponentName admin, final int userId) {
         if (admin != null) {
             CharSequence supportMessage = mDpm.getShortSupportMessageForUser(admin, userId);