Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2a5d6c6c authored by Esteban Talavera's avatar Esteban Talavera
Browse files

Only system can set app restrictions 

Only system/root UIDs or components with MANAGE_USERS permission
can set app restrictions. Apps should only be able to retrieve their
own restrictions, but not set them.

Change-Id: I1ebf30dc6ef5af12fa79230618f89b43aa7b1fb6
parent 4fc74408

services/core/java/com/android/server/pm/UserManagerService.java

+3 −8
Original line number Diff line number Diff line
@@ -576,8 +576,6 @@ public class UserManagerService extends IUserManager.Stub { 


    @Override

    public Bundle getUserRestrictions(int userId) {

        // checkManageUsersPermission("getUserRestrictions");



        synchronized (mPackagesLock) {

            Bundle restrictions = mUserRestrictions.get(userId);

            return restrictions != null ? new Bundle(restrictions) : new Bundle();
@@ -1648,7 +1646,7 @@ public class UserManagerService extends IUserManager.Stub { 
    public Bundle getApplicationRestrictionsForUser(String packageName, int userId) {

        if (UserHandle.getCallingUserId() != userId

                || !UserHandle.isSameApp(Binder.getCallingUid(), getUidForPackage(packageName))) {

            checkManageUsersPermission("Only system can get restrictions for other users/apps");

            checkManageUsersPermission("get application restrictions for other users/apps");

        }

        synchronized (mPackagesLock) {

            // Read the restrictions from XML
@@ -1659,10 +1657,7 @@ public class UserManagerService extends IUserManager.Stub { 
    @Override

    public void setApplicationRestrictions(String packageName, Bundle restrictions,

            int userId) {

        if (UserHandle.getCallingUserId() != userId

                || !UserHandle.isSameApp(Binder.getCallingUid(), getUidForPackage(packageName))) {

            checkManageUsersPermission("Only system can set restrictions for other users/apps");

        }

        checkManageUsersPermission("set application restrictions");

        synchronized (mPackagesLock) {

            if (restrictions == null || restrictions.isEmpty()) {

                cleanAppRestrictionsForPackage(packageName, userId);
@@ -1683,7 +1678,7 @@ public class UserManagerService extends IUserManager.Stub { 


    @Override

    public void removeRestrictions() {

        checkManageUsersPermission("Only system can remove restrictions");

        checkManageUsersPermission("remove restrictions");

        final int userHandle = UserHandle.getCallingUserId();

        removeRestrictionsForUser(userHandle, true);

    }