Relax permissions for isUserOfType, isUserNameSet (48f7d7f0) · Commits · e / os / android_frameworks_base

core/api/system-current.txt

+2 −2

Original line number	Diff line number	Diff line
		@@ -9828,8 +9828,8 @@ package android.os {
		method public boolean isRestrictedProfile();
		method @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.CREATE_USERS}, conditional=true) public boolean isRestrictedProfile(@NonNull android.os.UserHandle);
		method @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.QUERY_USERS}) public boolean isSameProfileGroup(@NonNull android.os.UserHandle, @NonNull android.os.UserHandle);
		method @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.GET_ACCOUNTS_PRIVILEGED}) public boolean isUserNameSet();
		method @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public boolean isUserOfType(@NonNull String);
		method @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.CREATE_USERS, android.Manifest.permission.QUERY_USERS, android.Manifest.permission.GET_ACCOUNTS_PRIVILEGED}) public boolean isUserNameSet();
		method @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.CREATE_USERS, android.Manifest.permission.QUERY_USERS}) public boolean isUserOfType(@NonNull String);
		method @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.INTERACT_ACROSS_USERS}, conditional=true) public boolean isUserUnlockingOrUnlocked(@NonNull android.os.UserHandle);
		method @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.CREATE_USERS}) public boolean removeUser(@NonNull android.os.UserHandle);
		method @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.CREATE_USERS}) public int removeUserWhenPossible(@NonNull android.os.UserHandle, boolean);

core/java/android/os/UserManager.java

+15 −4

Original line number	Diff line number	Diff line
		@@ -2155,9 +2155,17 @@ public class UserManager {
		* @hide
		*/
		@SystemApi
		@RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS,
		Manifest.permission.GET_ACCOUNTS_PRIVILEGED})
		@UserHandleAware(enabledSinceTargetSdkVersion = Build.VERSION_CODES.TIRAMISU)
		@RequiresPermission(anyOf = {
		android.Manifest.permission.MANAGE_USERS,
		android.Manifest.permission.CREATE_USERS,
		android.Manifest.permission.QUERY_USERS,
		android.Manifest.permission.GET_ACCOUNTS_PRIVILEGED})
		@UserHandleAware(
		enabledSinceTargetSdkVersion = Build.VERSION_CODES.TIRAMISU,
		requiresAnyOfPermissionsIfNotCaller = {
		android.Manifest.permission.MANAGE_USERS,
		android.Manifest.permission.CREATE_USERS,
		android.Manifest.permission.QUERY_USERS})
		public boolean isUserNameSet() {
		try {
		return mService.isUserNameSet(getContextUserIfAppropriate());
		@@ -2261,8 +2269,11 @@ public class UserManager {
		* @hide
		*/
		@SystemApi
		@RequiresPermission(anyOf = {
		android.Manifest.permission.MANAGE_USERS,
		android.Manifest.permission.CREATE_USERS,
		android.Manifest.permission.QUERY_USERS})
		@UserHandleAware
		@RequiresPermission(android.Manifest.permission.MANAGE_USERS)
		public boolean isUserOfType(@NonNull String userType) {
		try {
		return mService.isUserOfType(mUserId, userType);

services/core/java/com/android/server/pm/UserManagerService.java

+9 −5

Original line number	Diff line number	Diff line
		@@ -1387,7 +1387,7 @@ public class UserManagerService extends IUserManager.Stub {
		*/
		@Override
		public boolean isUserOfType(@UserIdInt int userId, String userType) {
		checkManageUsersPermission("check user type");
		checkQueryOrCreateUsersPermission("check user type");
		return userType != null && userType.equals(getUserTypeNoChecks(userId));
		}

		@@ -1643,7 +1643,7 @@ public class UserManagerService extends IUserManager.Stub {
		if (!hasQueryOrCreateUsersPermission()
		&& !hasPermissionGranted(
		android.Manifest.permission.GET_ACCOUNTS_PRIVILEGED, callingUid)) {
		throw new SecurityException("You need MANAGE_USERS or CREATE_USERS or "
		throw new SecurityException("You need MANAGE_USERS, CREATE_USERS, QUERY_USERS, or "
		+ "GET_ACCOUNTS_PRIVILEGED permissions to: get user name");
		}
		final int userId = UserHandle.getUserId(callingUid);
		@@ -5064,9 +5064,13 @@ public class UserManagerService extends IUserManager.Stub {

		@Override
		public boolean isUserNameSet(@UserIdInt int userId) {
		if (!hasManageUsersOrPermission(android.Manifest.permission.GET_ACCOUNTS_PRIVILEGED)) {
		throw new SecurityException("You need MANAGE_USERS or GET_ACCOUNTS_PRIVILEGED "
		+ "permissions to: get whether user name is set");
		final int callingUid = Binder.getCallingUid();
		final int callingUserId = UserHandle.getUserId(callingUid);
		if (!hasQueryOrCreateUsersPermission()
		&& !(callingUserId == userId && hasPermissionGranted(
		android.Manifest.permission.GET_ACCOUNTS_PRIVILEGED, callingUid))) {
		throw new SecurityException("You need MANAGE_USERS, CREATE_USERS, QUERY_USERS, or "
		+ "GET_ACCOUNTS_PRIVILEGED permissions to: get whether user name is set");
		}
		synchronized (mUsersLock) {
		final UserInfo userInfo = getUserInfoLU(userId);