Extending systemUserOnly attribute to Providers and Services

    field public static final int switchTextOff = 16843628; // 0x101036c

    field public static final int switchTextOn = 16843627; // 0x101036b

    field public static final int syncable = 16842777; // 0x1010019

    field @FlaggedApi("android.multiuser.enable_system_user_only_for_services_and_providers") public static final int systemUserOnly;

    field public static final int tabStripEnabled = 16843453; // 0x10102bd

    field public static final int tabStripLeft = 16843451; // 0x10102bb

    field public static final int tabStripRight = 16843452; // 0x10102bc

import android.database.Cursor;

import android.database.MatrixCursor;

import android.database.SQLException;

import android.multiuser.Flags;

import android.net.Uri;

import android.os.AsyncTask;

import android.os.Binder;

    private boolean mExported;

    private boolean mNoPerms;

    private boolean mSingleUser;

    private boolean mSystemUserOnly;

    private SparseBooleanArray mUsersRedirectedToOwnerForMedia = new SparseBooleanArray();

    private ThreadLocal<AttributionSource> mCallingAttributionSource;

                            != PermissionChecker.PERMISSION_GRANTED

                            && getContext().checkUriPermission(userUri, Binder.getCallingPid(),

                            callingUid, Intent.FLAG_GRANT_READ_URI_PERMISSION)

                            != PackageManager.PERMISSION_GRANTED) {

                            != PackageManager.PERMISSION_GRANTED

                            && !deniedAccessSystemUserOnlyProvider(callingUserId,

                            mSystemUserOnly)) {

                        FrameworkStatsLog.write(GET_TYPE_ACCESSED_WITHOUT_PERMISSION,

                                enumCheckUriPermission,

                                callingUid, uri.getAuthority(), type);

    boolean checkUser(int pid, int uid, Context context) {

        final int callingUserId = UserHandle.getUserId(uid);

        if (deniedAccessSystemUserOnlyProvider(callingUserId, mSystemUserOnly)) {

            return false;

        }

        if (callingUserId == context.getUserId() || mSingleUser) {

            return true;

        }

        // last chance, check against any uri grants

        final int callingUserId = UserHandle.getUserId(uid);

        if (deniedAccessSystemUserOnlyProvider(callingUserId, mSystemUserOnly)) {

            return PermissionChecker.PERMISSION_HARD_DENIED;

        }

        final Uri userUri = (mSingleUser && !UserHandle.isSameUser(mMyUid, uid))

                ? maybeAddUserId(uri, callingUserId) : uri;

        if (context.checkUriPermission(userUri, pid, uid, Intent.FLAG_GRANT_READ_URI_PERMISSION)

                setPathPermissions(info.pathPermissions);

                mExported = info.exported;

                mSingleUser = (info.flags & ProviderInfo.FLAG_SINGLE_USER) != 0;

                mSystemUserOnly = (info.flags & ProviderInfo.FLAG_SYSTEM_USER_ONLY) != 0;

                setAuthorities(info.authority);

            }

            if (Build.IS_DEBUGGABLE) {

        String auth = uri.getAuthority();

        if (!mSingleUser) {

            int userId = getUserIdFromAuthority(auth, UserHandle.USER_CURRENT);

            if (deniedAccessSystemUserOnlyProvider(mContext.getUserId(),

                    mSystemUserOnly)) {

                throw new SecurityException("Trying to query a SYSTEM user only content"

                        + " provider from user:" + mContext.getUserId());

            }

            if (userId != UserHandle.USER_CURRENT

                    && userId != mContext.getUserId()

                    // Since userId specified in content uri, the provider userId would be

            Trace.traceBegin(traceTag, methodName + subInfo);

        }

    }

    /**

     * Return true if access to content provider is denied because it's a SYSTEM user only

     * provider and the calling user is not the SYSTEM user.

     *

     * @param callingUserId UserId of the caller accessing the content provider.

     * @param systemUserOnly true when the content provider is only available for the SYSTEM user.

     */

    private static boolean deniedAccessSystemUserOnlyProvider(int callingUserId,

            boolean systemUserOnly) {

        return Flags.enableSystemUserOnlyForServicesAndProviders()

                && (callingUserId != UserHandle.USER_SYSTEM && systemUserOnly);

    }

}

     */

    public static final int FLAG_VISIBLE_TO_INSTANT_APP = 0x100000;

    /**

     * Bit in {@link #flags}: If set, this provider will only be available

     * for the system user.

     * Set from the android.R.attr#systemUserOnly attribute.

     * In Sync with {@link ActivityInfo#FLAG_SYSTEM_USER_ONLY}

     * @hide

     */

    public static final int FLAG_SYSTEM_USER_ONLY = ActivityInfo.FLAG_SYSTEM_USER_ONLY;

    /**

     * Bit in {@link #flags}: If set, a single instance of the provider will

     * run for all users on the device.  Set from the

     */

    public static final int FLAG_VISIBLE_TO_INSTANT_APP = 0x100000;

    /**

     * @hide Bit in {@link #flags}: If set, this service will only be available

     * for the system user.

     * Set from the android.R.attr#systemUserOnly attribute.

     * In Sync with {@link ActivityInfo#FLAG_SYSTEM_USER_ONLY}

     */

    public static final int FLAG_SYSTEM_USER_ONLY = ActivityInfo.FLAG_SYSTEM_USER_ONLY;

    /**

     * Bit in {@link #flags}: If set, a single instance of the service will

     * run for all users on the device.  Set from the

    description: "Add support for Private Space in resolver sheet"

    bug: "307515485"

}

flag {

    name: "enable_system_user_only_for_services_and_providers"

    namespace: "multiuser"

    description: "Enable systemUserOnly manifest attribute for services and providers."

    bug: "302354856"

    is_fixed_read_only: true

}