UserManager.getUserName w/ GET_ACCOUNTS_PRIVILEGED
Previously, UserManager.getUserName() and getUserIcon()
required the MANAGE_USERS permission; this has been relaxed
so that the GET_ACCOUNTS_PRIVILEGED permission is also sufficient.
Test: atest UserManagerServiceUserInfoTest
Fixes: 127826840
Change-Id: If90b82313ecf23ea56dca3d24f23a4ca9caa939a
diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index 3744f68..e55703e 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java
@@ -1144,6 +1144,19 @@
}
@Override
+ public String getUserName() {
+ if (!hasManageUsersOrPermission(android.Manifest.permission.GET_ACCOUNTS_PRIVILEGED)) {
+ throw new SecurityException("You need MANAGE_USERS or GET_ACCOUNTS_PRIVILEGED "
+ + "permissions to: get user name");
+ }
+ final int userId = UserHandle.getUserId(Binder.getCallingUid());
+ synchronized (mUsersLock) {
+ UserInfo userInfo = userWithName(getUserInfoLU(userId));
+ return userInfo == null ? "" : userInfo.name;
+ }
+ }
+
+ @Override
public long getUserStartRealtime() {
final int userId = UserHandle.getUserId(Binder.getCallingUid());
synchronized (mUsersLock) {
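Review bot: The new binder method getUserName() has no comment stating its scope, which matters now that it is reachable with GET_ACCOUNTS_PRIVILEGED. The visible lines resolve the user from `Binder.getCallingUid()`, so the method only ever reports the caller's own user, and it returns `""` when `userInfo` is null. I would record that contract above the `@Override`, for example `/** Returns the name of the calling user, or "" when no UserInfo is found; caller needs MANAGE_USERS or GET_ACCOUNTS_PRIVILEGED. */`. Stating it keeps a later change from adding a user-id parameter without revisiting the relaxed permission.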
@@ -1324,7 +1337,10 @@
@Override
public ParcelFileDescriptor getUserIcon(int targetUserId) {
- checkManageUsersPermission("get user icon");
+ if (!hasManageUsersOrPermission(android.Manifest.permission.GET_ACCOUNTS_PRIVILEGED)) {
+ throw new SecurityException("You need MANAGE_USERS or GET_ACCOUNTS_PRIVILEGED "
+ + "permissions to: get user icon");
+ }
String iconPath;
synchronized (mPackagesLock) {
UserInfo targetUserInfo = getUserInfoNoChecks(targetUserId);
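Review bot: getUserIcon() accepts an arbitrary `targetUserId`, so relaxing its gate to GET_ACCOUNTS_PRIVILEGED may let holders of that permission read icons of users other than their own. Nothing in the visible lines ties `targetUserId` to the caller, whereas getUserName() in the first hunk is bound to the caller's user through `Binder.getCallingUid()`. The body continues outside this hunk and may already restrict unrelated users, so this needs confirming against the full method. If cross-user reads are meant to stay behind MANAGE_USERS, keep that requirement for the cross-user case, e.g. `if (targetUserId != UserHandle.getUserId(Binder.getCallingUid())) checkManageUsersPermission("get the icon of another user");`. The test should also cover a caller holding only GET_ACCOUNTS_PRIVILEGED that asks for another user's icon.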
@@ -1941,15 +1957,23 @@
/**
* @return whether the calling UID is system UID or root's UID or the calling app has the
- * {@link android.Manifest.permission#MANAGE_USERS MANAGE_USERS} or
- * {@link android.Manifest.permission#CREATE_USERS CREATE_USERS}.
+ * {@link android.Manifest.permission#MANAGE_USERS MANAGE_USERS} or the provided permission.
*/
- private static final boolean hasManageOrCreateUsersPermission() {
+ private static final boolean hasManageUsersOrPermission(String alternativePermission) {
final int callingUid = Binder.getCallingUid();
return UserHandle.isSameApp(callingUid, Process.SYSTEM_UID)
|| callingUid == Process.ROOT_UID
|| hasPermissionGranted(android.Manifest.permission.MANAGE_USERS, callingUid)
- || hasPermissionGranted(android.Manifest.permission.CREATE_USERS, callingUid);
+ || hasPermissionGranted(alternativePermission, callingUid);
+ }
+
+ /**
+ * @return whether the calling UID is system UID or root's UID or the calling app has the
+ * {@link android.Manifest.permission#MANAGE_USERS MANAGE_USERS} or
+ * {@link android.Manifest.permission#CREATE_USERS CREATE_USERS}.
+ */
+ private static final boolean hasManageOrCreateUsersPermission() {
+ return hasManageUsersOrPermission(android.Manifest.permission.CREATE_USERS);
}
/**
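Review bot: hasManageUsersOrPermission() only returns a boolean, so getUserName() and getUserIcon() in the earlier hunks each hand-build the same SecurityException text and can drift apart. A throwing companion that mirrors the existing `checkManageUsersPermission(String)` would keep the check and the message in one place. The Javadoc should also gain an `@param alternativePermission` line saying that the named permission is treated as equivalent to MANAGE_USERS for the call. Each new call site of this helper is therefore a privilege decision that deserves review.

```java
// … unchanged: hasManageUsersOrPermission(String alternativePermission) …

/**
 * Throws unless the caller is system/root or holds MANAGE_USERS or {@code alternativePermission}.
 */
private static final void checkManageUsersOrPermission(String alternativePermission,
        String message) {
    if (!hasManageUsersOrPermission(alternativePermission)) {
        throw new SecurityException("You need MANAGE_USERS or " + alternativePermission
                + " permission to: " + message);
    }
}
```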