Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 125d1d9b authored by menghanli's avatar menghanli
Browse files

Avoid A11y features blocked by IT admin can be allowed to bind at the system level 

Root cause: Address A11y features blocked by IT admin by adjusting the UI, which seems like a good idea but might not cover all cases
Solution: Avoid A11y features blocked by IT admin can be allowed to bind at the system level

Bug: 254223085
Test: atest CtsAccessibilityServiceTestCases
Test: `adb shell settings put secure enabled_accessibility_service` disallowed service & verify the service would not be bound by `adb shell dumpsys accessibility`
Change-Id: I6ce326c82d063923d8737d637aa5f7f570cfc950
parent 6b02ff57

services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java

+28 −22
Original line number Diff line number Diff line
@@ -2263,6 +2263,15 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub 
            }

            if (userState.mEnabledServices.contains(componentName)

                    && !mUiAutomationManager.suppressingAccessibilityServicesLocked()) {

                // Skip the enabling service disallowed by device admin policy.

                if (!isAccessibilityTargetAllowed(componentName.getPackageName(),

                        installedService.getResolveInfo().serviceInfo.applicationInfo.uid,

                        userState.mUserId)) {

                    Slog.d(LOG_TAG, "Skipping enabling service disallowed by device admin policy: "

                            + componentName);

                    disableAccessibilityServiceLocked(componentName, userState.mUserId);

                    continue;

                }

                if (service == null) {

                    service = new AccessibilityServiceConnection(userState, mContext, componentName,

                            installedService, sIdCounter++, mMainHandler, mLock, mSecurityPolicy,
@@ -3875,11 +3884,9 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub 
        }

    }



    @Override

    @RequiresPermission(anyOf = {

            android.Manifest.permission.MANAGE_USERS,

            android.Manifest.permission.QUERY_ADMIN_POLICY})

    public boolean isAccessibilityTargetAllowed(String packageName, int uid, int userId) {

        final long identity = Binder.clearCallingIdentity();

        try {

            final DevicePolicyManager dpm = mContext.getSystemService(DevicePolicyManager.class);

            final List<String> permittedServices = dpm.getPermittedAccessibilityServices(userId);
@@ -3895,12 +3902,11 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub 
                return !ecmEnabled || mode == AppOpsManager.MODE_ALLOWED;

            }

            return false;

        } finally {

            Binder.restoreCallingIdentity(identity);

        }

    }



    @Override

    @RequiresPermission(anyOf = {

            android.Manifest.permission.MANAGE_USERS,

            android.Manifest.permission.QUERY_ADMIN_POLICY})

    public boolean sendRestrictedDialogIntent(String packageName, int uid, int userId) {

        // The accessibility service is allowed. Don't show the restricted dialog.

        if (isAccessibilityTargetAllowed(packageName, uid, userId)) {

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+20 −19
Original line number Diff line number Diff line
@@ -11776,6 +11776,20 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
        final CallerIdentity caller = getCallerIdentity();

        Preconditions.checkCallAuthorization(canManageUsers(caller) || canQueryAdminPolicy(caller));













        // Move AccessibilityManager out of lock to prevent potential deadlock













        final List<AccessibilityServiceInfo> installedServices;













        long id = mInjector.binderClearCallingIdentity();













        try {













            UserInfo user = getUserInfo(userId);













            if (user.isManagedProfile()) {













                userId = user.profileGroupId;













            }













            installedServices = withAccessibilityManager(userId,













                    AccessibilityManager::getInstalledAccessibilityServiceList);













        } finally {













            mInjector.binderRestoreCallingIdentity(id);













        }



























        synchronized (getLockObject()) {















            List<String> result = null;















            // If we have multiple profiles we return the intersection of the









@@ -11802,16 +11816,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {



























            // If we have a permitted list add all system accessibility services.















            if (result != null) {













                long id = mInjector.binderClearCallingIdentity();













                try {













                    UserInfo user = getUserInfo(userId);













                    if (user.isManagedProfile()) {













                        userId = user.profileGroupId;













                    }













                    final List<AccessibilityServiceInfo> installedServices =













                            withAccessibilityManager(userId,













                                    AccessibilityManager::getInstalledAccessibilityServiceList);



























                if (installedServices != null) {















                    for (AccessibilityServiceInfo service : installedServices) {















                        ServiceInfo serviceInfo = service.getResolveInfo().serviceInfo;









@@ -11821,9 +11825,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {













                        }















                    }















                }













                } finally {













                    mInjector.binderRestoreCallingIdentity(id);













                }















            }





























            return result;