@@ -1277,11 +1277,13 @@ && getProfileOwner(userId).getPackageName()
12771277 && !hasUserSetupCompleted (userId );
12781278
12791279 if (reqPolicy == DeviceAdminInfo .USES_POLICY_DEVICE_OWNER ) {
1280- if (ownsDevice || (userId == UserHandle .USER_OWNER && ownsInitialization )) {
1280+ if ((userId == UserHandle .USER_OWNER && (ownsDevice || ownsInitialization ))
1281+ || (ownsDevice && ownsProfile )) {
12811282 return true ;
12821283 }
12831284 } else if (reqPolicy == DeviceAdminInfo .USES_POLICY_PROFILE_OWNER ) {
1284- if (ownsDevice || ownsProfile || ownsInitialization ) {
1285+ if ((userId == UserHandle .USER_OWNER && ownsDevice ) || ownsProfile
1286+ || ownsInitialization ) {
12851287 return true ;
12861288 }
12871289 } else {
@@ -4244,6 +4246,17 @@ public boolean setDeviceInitializer(ComponentName who, ComponentName initializer
42444246 throw new IllegalArgumentException ("Invalid component name " + initializer
42454247 + " for device initializer" );
42464248 }
4249+ boolean isInitializerSystemApp ;
4250+ try {
4251+ isInitializerSystemApp = isSystemApp (AppGlobals .getPackageManager (),
4252+ initializer .getPackageName (), Binder .getCallingUserHandle ().getIdentifier ());
4253+ } catch (RemoteException | IllegalArgumentException e ) {
4254+ isInitializerSystemApp = false ;
4255+ Slog .e (LOG_TAG , "Fail to check if device initialzer is system app." , e );
4256+ }
4257+ if (!isInitializerSystemApp ) {
4258+ throw new IllegalArgumentException ("Only system app can be set as device initializer." );
4259+ }
42474260 synchronized (this ) {
42484261 enforceCanSetDeviceInitializer (who );
42494262
0 commit comments