Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / cd6fa30fda78ce26cfe8e741d60867248b0ead7a^! / . / services / core / java / com / android / server / pm / UserManagerService.java
commitcd6fa30fda78ce26cfe8e741d60867248b0ead7a[log] [tgz]
authorOleksandr Peletskyi <peletskyi@google.com>Thu Feb 25 16:28:39 2016 +0100
committerOleksandr Peletskyi <peletskyi@google.com>Thu Mar 10 14:17:55 2016 +0100
tree76a04c8a7ad4922c34927044b6b71756e3941c8c
parentcb1b27b6f8e728f12a2e8a5c172aa249440d611f [diff] [blame]
Allow user to get his own icon.

Fixed behavior in order to let user without MANAGE_USERS permission
to obtain his own icon or any icon of the user's 'user group'.

BUG: 27583869
Change-Id: I71a86b0816db1d9c4543db375de504395a726a8d

diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index 5490260..8206bda 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java

@@ -50,6 +50,7 @@
 import android.os.Process;
 import android.os.RemoteException;
 import android.os.ResultReceiver;
+import android.os.SELinux;
 import android.os.ServiceManager;
 import android.os.ShellCommand;
 import android.os.UserHandle;
@@ -758,23 +759,28 @@
     }
 
     @Override
-    public ParcelFileDescriptor getUserIcon(int userId) {
+    public ParcelFileDescriptor getUserIcon(int targetUserId) {
         String iconPath;
         synchronized (mPackagesLock) {
-            UserInfo info = getUserInfoNoChecks(userId);
-            if (info == null || info.partial) {
-                Slog.w(LOG_TAG, "getUserIcon: unknown user #" + userId);
+            UserInfo targetUserInfo = getUserInfoNoChecks(targetUserId);
+            if (targetUserInfo == null || targetUserInfo.partial) {
+                Slog.w(LOG_TAG, "getUserIcon: unknown user #" + targetUserId);
                 return null;
             }
-            int callingGroupId = getUserInfoNoChecks(UserHandle.getCallingUserId()).profileGroupId;
-            if (callingGroupId == UserInfo.NO_PROFILE_GROUP_ID
-                    || callingGroupId != info.profileGroupId) {
+
+            final int callingUserId = UserHandle.getCallingUserId();
+            final int callingGroupId = getUserInfoNoChecks(callingUserId).profileGroupId;
+            final int targetGroupId = targetUserInfo.profileGroupId;
+            final boolean sameGroup = (callingGroupId != UserInfo.NO_PROFILE_GROUP_ID
+                    && callingGroupId == targetGroupId);
+            if ((callingUserId != targetUserId) && !sameGroup) {
                 checkManageUsersPermission("get the icon of a user who is not related");
             }
-            if (info.iconPath == null) {
+
+            if (targetUserInfo.iconPath == null) {
                 return null;
             }
-            iconPath = info.iconPath;
+            iconPath = targetUserInfo.iconPath;
         }
 
         try {
@@ -1229,7 +1235,7 @@
             }
             FileOutputStream os;
             if (bitmap.compress(Bitmap.CompressFormat.PNG, 100, os = new FileOutputStream(tmp))
-                    && tmp.renameTo(file)) {
+                    && tmp.renameTo(file) && SELinux.restorecon(file)) {
                 info.iconPath = file.getAbsolutePath();
             }
             try {