Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 17794719 authored by Cassie Wang's avatar Cassie Wang Committed by Automerger Merge Worker
Browse files

Merge "Ensure calling user is the same as requested user." into sc-dev am: 34a952cf 

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/15315615

Change-Id: I8a1841ceb114d8737cb20969480b8a0189bed3cc
parents f31e6d1c 34a952cf

apex/appsearch/service/java/com/android/server/appsearch/AppSearchManagerService.java

+4 −22
Original line number Diff line number Diff line
@@ -18,7 +18,6 @@ package com.android.server.appsearch; 
import static android.app.appsearch.AppSearchResult.throwableToFailedResult;

import static android.os.Process.INVALID_UID;



import android.Manifest;

import android.annotation.ElapsedRealtimeLong;

import android.annotation.NonNull;

import android.app.appsearch.AppSearchBatchResult;
@@ -1354,43 +1353,26 @@ public class AppSearchManagerService extends SystemService { 
    /**

     * Helper for dealing with incoming user arguments to system service calls.

     *

     * <p>Takes care of checking permissions and converting USER_CURRENT to the actual current user.

     *

     * @param requestedUser The user which the caller is requesting to execute as.

     * @param callingUid The actual uid of the caller as determined by Binder.

     * @return the user handle that the call should run as. Will always be a concrete user.

     */

    @NonNull

    private UserHandle handleIncomingUser(@NonNull UserHandle requestedUser, int callingUid) {

        int callingPid = Binder.getCallingPid();

        UserHandle callingUser = UserHandle.getUserHandleForUid(callingUid);

        if (callingUser.equals(requestedUser)) {

            return requestedUser;

        }



        // Duplicates UserController#ensureNotSpecialUser

        if (requestedUser.getIdentifier() < 0) {

            throw new IllegalArgumentException(

                    "Call does not support special user " + requestedUser);

        }

        boolean canInteractAcrossUsers = mContext.checkPermission(

                Manifest.permission.INTERACT_ACROSS_USERS,

                callingPid,

                callingUid) == PackageManager.PERMISSION_GRANTED;

        if (!canInteractAcrossUsers) {

            canInteractAcrossUsers = mContext.checkPermission(

                    Manifest.permission.INTERACT_ACROSS_USERS_FULL,

                    callingPid,

                    callingUid) == PackageManager.PERMISSION_GRANTED;

        }

        if (canInteractAcrossUsers) {

            return requestedUser;

        }



        throw new SecurityException(

                "Permission denied while calling from uid " + callingUid

                        + " with " + requestedUser + "; Need to run as either the calling user ("

                        + callingUser + "), or with one of the following permissions: "

                        + Manifest.permission.INTERACT_ACROSS_USERS + " or "

                        + Manifest.permission.INTERACT_ACROSS_USERS_FULL);

                "Requested user, " + requestedUser + ", is not the same as the calling user, "

                        + callingUser + ".");

    }



    /**