Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 2a5d6c6cbd0286ebca844d4fb8f4d3437ad1ecdd^! / . / services / core / java / com / android / server / pm / UserManagerService.java
commit2a5d6c6cbd0286ebca844d4fb8f4d3437ad1ecdd[log] [tgz]
authorEsteban Talavera <etalavera@google.com>Wed Oct 21 10:55:56 2015 +0100
committerEsteban Talavera <etalavera@google.com>Wed Oct 21 10:55:56 2015 +0100
tree7ffb8d1f631eecd3a96ca8ea5b5f9832a35d0efb
parent4fc74408656edd2590e22f0f413d90c9114931db [diff] [blame]
Only system can set app restrictions

Only system/root UIDs or components with MANAGE_USERS permission
can set app restrictions. Apps should only be able to retrieve their
own restrictions, but not set them.

Change-Id: I1ebf30dc6ef5af12fa79230618f89b43aa7b1fb6

diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index de106a1..84fc383 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java

@@ -576,8 +576,6 @@
 
     @Override
     public Bundle getUserRestrictions(int userId) {
-        // checkManageUsersPermission("getUserRestrictions");
-
         synchronized (mPackagesLock) {
             Bundle restrictions = mUserRestrictions.get(userId);
             return restrictions != null ? new Bundle(restrictions) : new Bundle();
@@ -1648,7 +1646,7 @@
     public Bundle getApplicationRestrictionsForUser(String packageName, int userId) {
         if (UserHandle.getCallingUserId() != userId
                 || !UserHandle.isSameApp(Binder.getCallingUid(), getUidForPackage(packageName))) {
-            checkManageUsersPermission("Only system can get restrictions for other users/apps");
+            checkManageUsersPermission("get application restrictions for other users/apps");
         }
         synchronized (mPackagesLock) {
             // Read the restrictions from XML
@@ -1659,10 +1657,7 @@
     @Override
     public void setApplicationRestrictions(String packageName, Bundle restrictions,
             int userId) {
-        if (UserHandle.getCallingUserId() != userId
-                || !UserHandle.isSameApp(Binder.getCallingUid(), getUidForPackage(packageName))) {
-            checkManageUsersPermission("Only system can set restrictions for other users/apps");
-        }
+        checkManageUsersPermission("set application restrictions");
         synchronized (mPackagesLock) {
             if (restrictions == null || restrictions.isEmpty()) {
                 cleanAppRestrictionsForPackage(packageName, userId);
@@ -1683,7 +1678,7 @@
 
     @Override
     public void removeRestrictions() {
-        checkManageUsersPermission("Only system can remove restrictions");
+        checkManageUsersPermission("remove restrictions");
         final int userHandle = UserHandle.getCallingUserId();
         removeRestrictionsForUser(userHandle, true);
     }