Ensure calling user is the same as requested user.
This prevents any cross-user requests. Cross-user requests are already
not allowed, but due to a bug elsewhere in the code. This intentionally
handles the case and also throws a SecurityException.
Bug: 193903221
Test: presubmit
Test: manually checked cross-user requests get an exception.
Change-Id: I5bd867b86b972452daa2d8253f3c19f059a8a4b3
diff --git a/service/java/com/android/server/appsearch/AppSearchManagerService.java b/service/java/com/android/server/appsearch/AppSearchManagerService.java
index 666d497..1d66beb 100644
--- a/service/java/com/android/server/appsearch/AppSearchManagerService.java
+++ b/service/java/com/android/server/appsearch/AppSearchManagerService.java
@@ -18,7 +18,6 @@
import static android.app.appsearch.AppSearchResult.throwableToFailedResult;
import static android.os.Process.INVALID_UID;
-import android.Manifest;
import android.annotation.ElapsedRealtimeLong;
import android.annotation.NonNull;
import android.app.appsearch.AppSearchBatchResult;
@@ -1354,43 +1353,26 @@
/**
* Helper for dealing with incoming user arguments to system service calls.
*
- * <p>Takes care of checking permissions and converting USER_CURRENT to the actual current user.
- *
* @param requestedUser The user which the caller is requesting to execute as.
* @param callingUid The actual uid of the caller as determined by Binder.
* @return the user handle that the call should run as. Will always be a concrete user.
*/
@NonNull
private UserHandle handleIncomingUser(@NonNull UserHandle requestedUser, int callingUid) {
- int callingPid = Binder.getCallingPid();
UserHandle callingUser = UserHandle.getUserHandleForUid(callingUid);
if (callingUser.equals(requestedUser)) {
return requestedUser;
}
+
// Duplicates UserController#ensureNotSpecialUser
if (requestedUser.getIdentifier() < 0) {
throw new IllegalArgumentException(
"Call does not support special user " + requestedUser);
}
- boolean canInteractAcrossUsers = mContext.checkPermission(
- Manifest.permission.INTERACT_ACROSS_USERS,
- callingPid,
- callingUid) == PackageManager.PERMISSION_GRANTED;
- if (!canInteractAcrossUsers) {
- canInteractAcrossUsers = mContext.checkPermission(
- Manifest.permission.INTERACT_ACROSS_USERS_FULL,
- callingPid,
- callingUid) == PackageManager.PERMISSION_GRANTED;
- }
- if (canInteractAcrossUsers) {
- return requestedUser;
- }
+
throw new SecurityException(
- "Permission denied while calling from uid " + callingUid
- + " with " + requestedUser + "; Need to run as either the calling user ("
- + callingUser + "), or with one of the following permissions: "
- + Manifest.permission.INTERACT_ACROSS_USERS + " or "
- + Manifest.permission.INTERACT_ACROSS_USERS_FULL);
+ "Requested user, " + requestedUser + ", is not the same as the calling user, "
+ + callingUser + ".");
}
/**