Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 08abd0f0 authored by arangelov's avatar arangelov
Browse files

Allow cross-profile interaction when called from the system process. 

This is done by allowing INTERACT_ACROSS_USERS_FULL to interact
cross-profile and make system_server use INTERACT_ACROSS_USERS_FULL.

Bug: 148279634
Test: manually verified the icons are loading cross-profile
Test: atest ManagedProfileTest#testCanGetWorkShortcutIconDrawableFromPersonalProfile
Test: atest ManagedProfileTest#testCanGetPersonalShortcutIconDrawableFromWorkProfile

Change-Id: I8da69a7cabd00bc3422cdd53af35604c248029af
parent c5f436ec

core/java/android/content/pm/LauncherApps.java

+8 −3
Original line number Diff line number Diff line
@@ -16,6 +16,7 @@ 


package android.content.pm;



import static android.Manifest.permission;

import android.annotation.CallbackExecutor;

import android.annotation.IntDef;

import android.annotation.NonNull;
@@ -485,11 +486,15 @@ public class LauncherApps { 
    }



    /**

     * Show an error log on logcat, when the calling user is a managed profile, and the target

     * user is different from the calling user, in order to help developers to detect it.

     * Show an error log on logcat, when the calling user is a managed profile, the target

     * user is different from the calling user, and it is not called from a package that has the

     * {@link permission.INTERACT_ACROSS_USERS_FULL} permission, in order to help

     * developers to detect it.

     */

    private void logErrorForInvalidProfileAccess(@NonNull UserHandle target) {

        if (UserHandle.myUserId() != target.getIdentifier() && mUserManager.isManagedProfile()) {

        if (UserHandle.myUserId() != target.getIdentifier() && mUserManager.isManagedProfile()

                    && mContext.checkSelfPermission(permission.INTERACT_ACROSS_USERS_FULL)

                            != PackageManager.PERMISSION_GRANTED) {

            Log.w(TAG, "Accessing other profiles/users from managed profile is no longer allowed.");

        }

    }

core/res/AndroidManifest.xml

+1 −0
Original line number Diff line number Diff line
@@ -2377,6 +2377,7 @@ 
         @hide -->

    <permission android:name="android.permission.INTERACT_ACROSS_USERS_FULL"

        android:protectionLevel="signature|installer|telephony" />

    <uses-permission android:name="android.permission.INTERACT_ACROSS_USERS_FULL" />



    <!-- Allows interaction across profiles in the same profile group. -->

    <permission android:name="android.permission.INTERACT_ACROSS_PROFILES"

services/core/java/com/android/server/pm/LauncherAppsService.java

+5 −0
Original line number Diff line number Diff line
@@ -16,6 +16,7 @@ 


package com.android.server.pm;



import android.Manifest.permission;

import android.annotation.NonNull;

import android.annotation.UserIdInt;

import android.app.ActivityManager;
@@ -303,6 +304,10 @@ public class LauncherAppsService extends SystemService { 
            final int callingUserId = injectCallingUserId();



            if (targetUserId == callingUserId) return true;

            if (mContext.checkCallingOrSelfPermission(permission.INTERACT_ACROSS_USERS_FULL)

                    == PackageManager.PERMISSION_GRANTED) {

                return true;

            }



            long ident = injectClearCallingIdentity();

            try {