Enable cross-user requests.
Allow a cross-user request if the caller has INTERACT_ACROSS_USERS_FULL
permission. Then, the request will be made in the targetUser's AppSearch
instance.
USERS_FULL is signature permission which is only given to apps which
are signed with the same certificate as the platform. so we trust them
more and usually we allow apps with full permission to interact with
packages other than it's own on the other users.
So switching to USERS_FULLFULL only was because it might be a smaller
fix and that only very trusted apps could abuse the security risks we
had.
The general multi-user bug categories as
1:pre-existing bugs that blocked cross-user: FIXED, b/194413082,
b/193902620, b/194939218.
2:enable cross-user: Current CL b/194332010.
3:restrict the cross-user use-cases: b/193423447, b/193423599
Bug: 194332010
Test: atest -m -c --rebuild-module-info CtsAppSearchTestCases
FrameworksCoreTests:android.app.appsearch
FrameworksServicesTests:com.android.server.appsearch
CtsAppSearchHostTestCases
Change-Id: I93c083d83612c21a3e6566d42c17db137e90ebe6
1 file changed