Move UserManagerInternal into services.jar
Because SettingsProvider needs to call through the IUserManager
interface there is now a method to provide restricted-access information
via that route. It has the same protection as the implicit local
service call surface that was previously used: only system-uid callers
can invoke it.
Bug: 140833849
Test: system boots & runs normally
Change-Id: I05823ca57240ab10feb382c45590541212e406c1
diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index 95baa01..8814f6d 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java
@@ -54,6 +54,7 @@
import android.os.IBinder;
import android.os.IProgressListener;
import android.os.IUserManager;
+import android.os.IUserRestrictionsListener;
import android.os.Message;
import android.os.ParcelFileDescriptor;
import android.os.Parcelable;
@@ -1606,6 +1607,36 @@
return false;
}
+ @Override
+ public boolean isSettingRestrictedForUser(String setting, @UserIdInt int userId,
+ String value, int callingUid) {
+ if (Binder.getCallingUid() != Process.SYSTEM_UID) {
+ throw new SecurityException("Non-system caller");
+ }
+ return UserRestrictionsUtils.isSettingRestrictedForUser(mContext, setting, userId,
+ value, callingUid);
+ }
+
+ @Override
+ public void addUserRestrictionsListener(final IUserRestrictionsListener listener) {
+ if (Binder.getCallingUid() != Process.SYSTEM_UID) {
+ throw new SecurityException("Non-system caller");
+ }
+
+ // NOTE: unregistering not supported; only client is the settings provider,
+ // which installs a single static permanent listener. If that listener goes
+ // bad it implies the whole system process is going to crash.
+ mLocalService.addUserRestrictionsListener(
+ (int userId, Bundle newRestrict, Bundle prevRestrict) -> {
+ try {
+ listener.onUserRestrictionsChanged(userId, newRestrict, prevRestrict);
+ } catch (RemoteException re) {
+ Slog.e("IUserRestrictionsListener",
+ "Unable to invoke listener: " + re.getMessage());
+ }
+ });
+ }
+
/**
* @hide
*
@@ -4410,7 +4441,7 @@
@Override
public boolean isSettingRestrictedForUser(String setting, @UserIdInt int userId,
String value, int callingUid) {
- return UserRestrictionsUtils.isSettingRestrictedForUser(mContext, setting, userId,
+ return UserManagerService.this.isSettingRestrictedForUser(setting, userId,
value, callingUid);
}