Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 4dc008cda2980fabb6acbf8a3b7096d1090ee36f^! / . / services / core / java / com / android / server / pm / UserManagerService.java
commit4dc008cda2980fabb6acbf8a3b7096d1090ee36f[log] [tgz]
authorTony Mak <tonymak@google.com>Wed Mar 16 10:46:49 2016 +0000
committerTony Mak <tonymak@google.com>Wed Mar 16 10:49:02 2016 +0000
tree91fe7bda73e14915c5bef2ec0aedb487bb358100
parent54f264fcdb74f585d43a77159b28a11d2e77bf88 [diff] [blame]
Fix NotificationListenerService fail to mirror work notification

1. Instead of getting application info in runtime, just retrieve the
   one in the context to avoid cross user operation.

2. Functions in PackageManager that retrieve badged icon now return
   badged icon if the targer user is managed profile instead of checking
   whether target user is a managed profile of the user in mContext.

3. Relax the restriction of getUserInfo, if the caller is asking a user
   in the same profile group or having the manage user permission, we let
   it go.

Bug: 26469166

Change-Id: Ia1ffc5743f7d94bd489cdb7571eaed51499ebdd9

diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index 8206bda..5342f98 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java

@@ -641,7 +641,12 @@
 
     @Override
     public UserInfo getUserInfo(int userId) {
-        checkManageUsersPermission("query user");
+        if (!hasManageUsersPermission()
+                && !isSameProfileGroupLP(UserHandle.getCallingUserId(), userId)) {
+            throw new SecurityException(
+                    "You need MANAGE_USERS permission to: query users outside profile group");
+        }
+
         synchronized (mUsersLock) {
             return getUserInfoLU(userId);
         }
@@ -1196,18 +1201,28 @@
      *
      * @param message used as message if SecurityException is thrown
      * @throws SecurityException if the caller is not system or root
+     * @see #hasManageUsersPermission()
      */
     private static final void checkManageUsersPermission(String message) {
-        final int uid = Binder.getCallingUid();
-        if (!UserHandle.isSameApp(uid, Process.SYSTEM_UID) && uid != Process.ROOT_UID
-                && ActivityManager.checkComponentPermission(
-                        android.Manifest.permission.MANAGE_USERS,
-                        uid, -1, true) != PackageManager.PERMISSION_GRANTED) {
+        if (!hasManageUsersPermission()) {
             throw new SecurityException("You need MANAGE_USERS permission to: " + message);
         }
     }
 
     /**
+     * @return whether the calling UID is system UID or root's UID or the calling app has the
+     * {@link android.Manifest.permission#MANAGE_USERS MANAGE_USERS}.
+     */
+    private static final boolean hasManageUsersPermission() {
+        final int callingUid = Binder.getCallingUid();
+        return UserHandle.isSameApp(callingUid, Process.SYSTEM_UID)
+                || callingUid == Process.ROOT_UID
+                || ActivityManager.checkComponentPermission(
+                        android.Manifest.permission.MANAGE_USERS,
+                        callingUid, -1, true) == PackageManager.PERMISSION_GRANTED;
+    }
+
+    /**
      * Enforces that only the system UID or root's UID (on any user) can make certain calls to the
      * UserManager.
      *