Merge "Renamed some permission check methods in UserManagerService" (104e2e17) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/pm/UserManagerService.java

+25 −25

Original line number	Diff line number	Diff line
		@@ -839,7 +839,7 @@ public class UserManagerService extends IUserManager.Stub {
		@Override
		public @NonNull List<UserInfo> getUsers(boolean excludePartial, boolean excludeDying,
		boolean excludePreCreated) {
		checkManageOrCreateUsersPermission("query users");
		checkCreateUsersPermission("query users");
		return getUsersInternal(excludePartial, excludeDying, excludePreCreated);
		}

		@@ -868,7 +868,7 @@ public class UserManagerService extends IUserManager.Stub {
		checkQueryOrCreateUsersPermission("getting profiles related to user " + userId);
		returnFullInfo = true;
		} else {
		returnFullInfo = hasManageOrCreateUsersPermission();
		returnFullInfo = hasCreateUsersPermission();
		}
		final long ident = Binder.clearCallingIdentity();
		try {
		@@ -1708,7 +1708,7 @@ public class UserManagerService extends IUserManager.Stub {
		@Override
		public boolean isRestricted(@UserIdInt int userId) {
		if (userId != UserHandle.getCallingUserId()) {
		checkManageOrCreateUsersPermission("query isRestricted for user " + userId);
		checkCreateUsersPermission("query isRestricted for user " + userId);
		}
		synchronized (mUsersLock) {
		final UserInfo userInfo = getUserInfoLU(userId);
		@@ -2227,7 +2227,7 @@ public class UserManagerService extends IUserManager.Stub {

		@Override
		public boolean hasBaseUserRestriction(String restrictionKey, @UserIdInt int userId) {
		checkManageOrCreateUsersPermission("hasBaseUserRestriction");
		checkCreateUsersPermission("hasBaseUserRestriction");
		if (!UserRestrictionsUtils.isValidRestriction(restrictionKey)) {
		return false;
		}
		@@ -2444,7 +2444,7 @@ public class UserManagerService extends IUserManager.Stub {
		*/
		@Override
		public boolean canAddMoreUsersOfType(String userType) {
		checkManageOrCreateUsersPermission("check if more users can be added.");
		checkCreateUsersPermission("check if more users can be added.");
		final UserTypeDetails userTypeDetails = mUserTypes.get(userType);
		return userTypeDetails != null && canAddMoreUsersOfType(userTypeDetails);
		}
		@@ -2452,7 +2452,7 @@ public class UserManagerService extends IUserManager.Stub {
		/** Returns whether the creation of users of the given user type is enabled on this device. */
		@Override
		public boolean isUserTypeEnabled(String userType) {
		checkManageOrCreateUsersPermission("check if user type is enabled.");
		checkCreateUsersPermission("check if user type is enabled.");
		final UserTypeDetails userTypeDetails = mUserTypes.get(userType);
		return userTypeDetails != null && userTypeDetails.isEnabled();
		}
		@@ -2577,10 +2577,10 @@ public class UserManagerService extends IUserManager.Stub {
		*
		* @param message used as message if SecurityException is thrown
		* @throws SecurityException if the caller is not system or root
		* @see #hasManageOrCreateUsersPermission()
		* @see #hasCreateUsersPermission()
		*/
		private static final void checkManageOrCreateUsersPermission(String message) {
		if (!hasManageOrCreateUsersPermission()) {
		private static final void checkCreateUsersPermission(String message) {
		if (!hasCreateUsersPermission()) {
		throw new SecurityException(
		"You either need MANAGE_USERS or CREATE_USERS permission to: " + message);
		}
		@@ -2621,14 +2621,14 @@ public class UserManagerService extends IUserManager.Stub {
		}

		/**
		* Similar to {@link #checkManageOrCreateUsersPermission(String)} but when the caller is tries
		* Similar to {@link #checkCreateUsersPermission(String)} but when the caller is tries
		* to create user/profiles other than what is allowed for
		* {@link android.Manifest.permission#CREATE_USERS CREATE_USERS} permission, then it will only
		* allow callers with {@link android.Manifest.permission#MANAGE_USERS MANAGE_USERS} permission.
		*/
		private static final void checkManageOrCreateUsersPermission(int creationFlags) {
		private static final void checkCreateUsersPermission(int creationFlags) {
		if ((creationFlags & ~ALLOWED_FLAGS_FOR_CREATE_USERS_PERMISSION) == 0) {
		if (!hasManageOrCreateUsersPermission()) {
		if (!hasCreateUsersPermission()) {
		throw new SecurityException("You either need MANAGE_USERS or CREATE_USERS "
		+ "permission to create an user with flags: " + creationFlags);
		}
		@@ -2672,7 +2672,7 @@ public class UserManagerService extends IUserManager.Stub {
		* {@link android.Manifest.permission#MANAGE_USERS MANAGE_USERS} or
		* {@link android.Manifest.permission#CREATE_USERS CREATE_USERS}.
		*/
		private static final boolean hasManageOrCreateUsersPermission() {
		private static final boolean hasCreateUsersPermission() {
		return hasManageUsersOrPermission(android.Manifest.permission.CREATE_USERS);
		}

		@@ -2692,7 +2692,7 @@ public class UserManagerService extends IUserManager.Stub {
		* {@link android.Manifest.permission#QUERY_USERS QUERY_USERS}.
		*/
		private static final boolean hasQueryOrCreateUsersPermission() {
		return hasManageOrCreateUsersPermission()
		return hasCreateUsersPermission()
		\|\| hasPermissionGranted(Manifest.permission.QUERY_USERS, Binder.getCallingUid());
		}

		@@ -3572,7 +3572,7 @@ public class UserManagerService extends IUserManager.Stub {
		public UserInfo createProfileForUserWithThrow(@Nullable String name, @NonNull String userType,
		@UserInfoFlag int flags, @UserIdInt int userId, @Nullable String[] disallowedPackages)
		throws ServiceSpecificException {
		checkManageOrCreateUsersPermission(flags);
		checkCreateUsersPermission(flags);
		try {
		return createUserInternal(name, userType, flags, userId, disallowedPackages);
		} catch (UserManager.CheckedUserOperationException e) {
		@@ -3588,7 +3588,7 @@ public class UserManagerService extends IUserManager.Stub {
		@NonNull String userType,
		@UserInfoFlag int flags, @UserIdInt int userId, @Nullable String[] disallowedPackages)
		throws ServiceSpecificException {
		checkManageOrCreateUsersPermission(flags);
		checkCreateUsersPermission(flags);
		try {
		return createUserInternalUnchecked(name, userType, flags, userId,
		/* preCreate= / false, disallowedPackages, / token= */ null);
		@@ -3601,7 +3601,7 @@ public class UserManagerService extends IUserManager.Stub {
		public UserInfo createUserWithThrow(String name, @NonNull String userType,
		@UserInfoFlag int flags)
		throws ServiceSpecificException {
		checkManageOrCreateUsersPermission(flags);
		checkCreateUsersPermission(flags);
		try {
		return createUserInternal(name, userType, flags, UserHandle.USER_NULL,
		/* disallowedPackages= */ null);
		@@ -3615,7 +3615,7 @@ public class UserManagerService extends IUserManager.Stub {
		final UserTypeDetails userTypeDetails = mUserTypes.get(userType);
		final int flags = userTypeDetails != null ? userTypeDetails.getDefaultUserInfoFlags() : 0;

		checkManageOrCreateUsersPermission(flags);
		checkCreateUsersPermission(flags);

		Preconditions.checkArgument(isUserTypeEligibleForPreCreation(userTypeDetails),
		"cannot pre-create user of type " + userType);
		@@ -3635,7 +3635,7 @@ public class UserManagerService extends IUserManager.Stub {
		String userName, String userType, @UserInfoFlag int flags,
		Bitmap userIcon,
		String accountName, String accountType, PersistableBundle accountOptions) {
		checkManageOrCreateUsersPermission(flags);
		checkCreateUsersPermission(flags);

		if (someUserHasAccountNoChecks(accountName, accountType)) {
		throw new ServiceSpecificException(
		@@ -4080,7 +4080,7 @@ public class UserManagerService extends IUserManager.Stub {

		@Override
		public String[] getPreInstallableSystemPackages(@NonNull String userType) {
		checkManageOrCreateUsersPermission("getPreInstallableSystemPackages");
		checkCreateUsersPermission("getPreInstallableSystemPackages");
		final Set<String> installableSystemPackages =
		mSystemPackageInstaller.getInstallablePackagesForUserType(userType);
		if (installableSystemPackages == null) {
		@@ -4205,7 +4205,7 @@ public class UserManagerService extends IUserManager.Stub {
		*/
		@Override
		public UserInfo createRestrictedProfileWithThrow(@Nullable String name, int parentUserId) {
		checkManageOrCreateUsersPermission("setupRestrictedProfile");
		checkCreateUsersPermission("setupRestrictedProfile");
		final UserInfo user = createProfileForUserWithThrow(
		name, UserManager.USER_TYPE_FULL_RESTRICTED, 0, parentUserId, null);
		if (user == null) {
		@@ -4302,7 +4302,7 @@ public class UserManagerService extends IUserManager.Stub {
		@Override
		public boolean removeUser(@UserIdInt int userId) {
		Slog.i(LOG_TAG, "removeUser u" + userId);
		checkManageOrCreateUsersPermission("Only the system can remove users");
		checkCreateUsersPermission("Only the system can remove users");

		final String restriction = getUserRemovalRestriction(userId);
		if (getUserRestrictions(UserHandle.getCallingUserId()).getBoolean(restriction, false)) {
		@@ -4314,7 +4314,7 @@ public class UserManagerService extends IUserManager.Stub {

		@Override
		public boolean removeUserEvenWhenDisallowed(@UserIdInt int userId) {
		checkManageOrCreateUsersPermission("Only the system can remove users");
		checkCreateUsersPermission("Only the system can remove users");
		return removeUserUnchecked(userId);
		}

		@@ -4429,7 +4429,7 @@ public class UserManagerService extends IUserManager.Stub {
		@Override
		public @UserManager.RemoveResult int removeUserOrSetEphemeral(@UserIdInt int userId,
		boolean evenWhenDisallowed) {
		checkManageOrCreateUsersPermission("Only the system can remove users");
		checkCreateUsersPermission("Only the system can remove users");

		if (!evenWhenDisallowed) {
		final String restriction = getUserRemovalRestriction(userId);
		@@ -5180,7 +5180,7 @@ public class UserManagerService extends IUserManager.Stub {

		@Override
		public boolean someUserHasAccount(String accountName, String accountType) {
		checkManageOrCreateUsersPermission("check seed account information");
		checkCreateUsersPermission("check seed account information");
		return someUserHasAccountNoChecks(accountName, accountType);
		}