Secure MATCH_UNINSTALLED_PACKAGES across users
Introduce a new internal flag MATCH_ANY_USER for genuine uses
of searching through all apps on the device.
Some temporary accommodations for Launchers that reach across
to the work profile until we have a new LauncherApps API to do
that officially.
Bug: 31000380
Test: CTS tests added
Change-Id: I2e43dc49d6c2e11814a8f8d1eb07ef557f31af34
diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index 20afed7..c4241e7 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java
@@ -2716,7 +2716,7 @@
public Bundle getApplicationRestrictionsForUser(String packageName, int userId) {
if (UserHandle.getCallingUserId() != userId
|| !UserHandle.isSameApp(Binder.getCallingUid(), getUidForPackage(packageName))) {
- checkSystemOrRoot("get application restrictions for other users/apps");
+ checkSystemOrRoot("get application restrictions for other user/app " + packageName);
}
synchronized (mPackagesLock) {
// Read the restrictions from XML
@@ -2751,7 +2751,7 @@
long ident = Binder.clearCallingIdentity();
try {
return mContext.getPackageManager().getApplicationInfo(packageName,
- PackageManager.MATCH_UNINSTALLED_PACKAGES).uid;
+ PackageManager.MATCH_ANY_USER).uid;
} catch (NameNotFoundException nnfe) {
return -1;
} finally {
@@ -3717,4 +3717,23 @@
}
return 0;
}
+
+ /**
+ * Checks if the given user has a managed profile associated with it.
+ * @param userId The parent user
+ * @return
+ */
+ boolean hasManagedProfile(int userId) {
+ synchronized (mUsersLock) {
+ UserInfo userInfo = getUserInfoLU(userId);
+ final int userSize = mUsers.size();
+ for (int i = 0; i < userSize; i++) {
+ UserInfo profile = mUsers.valueAt(i).info;
+ if (userId != profile.id && isProfileOf(userInfo, profile)) {
+ return true;
+ }
+ }
+ return false;
+ }
+ }
}