
Commit 4ef9a383 authored by Winson's avatar Winson

Disallow domain user selector from querying autoVerify domains

Settings shouldn't need this information as it's all provided as part
of the user state object.

Bug: 183537875

Test: DomainVerificationEnforcerTest

Change-Id: Ib84b92d1d43c098ea2c2a89471c0cd1deacc9661
parent 5785c5c6
+1 −1
@@ -2869,7 +2869,7 @@ package android.content.pm.verify.domain {
  }
  public final class DomainVerificationManager {
    method @Nullable @RequiresPermission(anyOf={android.Manifest.permission.DOMAIN_VERIFICATION_AGENT, android.Manifest.permission.UPDATE_DOMAIN_VERIFICATION_USER_SELECTION}) public android.content.pm.verify.domain.DomainVerificationInfo getDomainVerificationInfo(@NonNull String) throws android.content.pm.PackageManager.NameNotFoundException;
    method @Nullable @RequiresPermission(android.Manifest.permission.DOMAIN_VERIFICATION_AGENT) public android.content.pm.verify.domain.DomainVerificationInfo getDomainVerificationInfo(@NonNull String) throws android.content.pm.PackageManager.NameNotFoundException;
    method @NonNull @RequiresPermission(android.Manifest.permission.UPDATE_DOMAIN_VERIFICATION_USER_SELECTION) public java.util.List<android.content.pm.verify.domain.DomainOwner> getOwnersForDomain(@NonNull String);
    method @NonNull @RequiresPermission(android.Manifest.permission.DOMAIN_VERIFICATION_AGENT) public java.util.List<java.lang.String> queryValidVerificationPackageNames();
    method @RequiresPermission(android.Manifest.permission.UPDATE_DOMAIN_VERIFICATION_USER_SELECTION) public void setDomainVerificationLinkHandlingAllowed(@NonNull String, boolean) throws android.content.pm.PackageManager.NameNotFoundException;
+1 −4
@@ -205,10 +205,7 @@ public final class DomainVerificationManager {
     */
    @SystemApi
    @Nullable
    @RequiresPermission(anyOf = {
            android.Manifest.permission.DOMAIN_VERIFICATION_AGENT,
            android.Manifest.permission.UPDATE_DOMAIN_VERIFICATION_USER_SELECTION
    })
    @RequiresPermission(android.Manifest.permission.DOMAIN_VERIFICATION_AGENT)
    public DomainVerificationInfo getDomainVerificationInfo(@NonNull String packageName)
            throws NameNotFoundException {
        try {
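Review bot: The narrowed `@RequiresPermission(android.Manifest.permission.DOMAIN_VERIFICATION_AGENT)` on `getDomainVerificationInfo` is only a lint-time hint, so the Javadoc that closes just above the hunk should state the runtime outcome for callers that are now rejected. That comment is outside the hunk, so I cannot tell whether it still mentions `UPDATE_DOMAIN_VERIFICATION_USER_SELECTION`; if it does, the reference should be dropped. I would also add `@throws SecurityException if the caller is not allowed to query domain verification state`, since this is a `@SystemApi` whose accepted callers just shrank. The method body continues past the end of the hunk.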
+2 −5
@@ -70,11 +70,8 @@ public class DomainVerificationEnforcer {
                break;
            default:
                if (!proxy.isCallerVerifier(callingUid)) {
                    mContext.enforcePermission(
                            android.Manifest.permission.UPDATE_DOMAIN_VERIFICATION_USER_SELECTION,
                            Binder.getCallingPid(), callingUid,
                            "Caller " + callingUid
                                    + " is not allowed to query domain verification state");
                    throw new SecurityException(
                            "Caller is not allowed to query domain verification state");
                }

                mContext.enforcePermission(android.Manifest.permission.QUERY_ALL_PACKAGES,
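Review bot: The new `SecurityException` in the `default:` branch no longer names the rejected caller, which the removed `enforcePermission` message did with `"Caller " + callingUid`. Keeping the UID makes a denial easier to attribute in logs and bug reports, and it tells the caller nothing it does not already know: `throw new SecurityException("Caller " + callingUid + " is not allowed to query domain verification state");`. A short comment above the check, such as `// User selection permission holders get this data from the user state object`, would record why that permission is no longer accepted here and make an accidental re-widening less likely. The enclosing method starts and ends outside the hunk.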
+2 −2
@@ -417,7 +417,7 @@ class DomainVerificationEnforcerTest {

        allowQueryAll.set(true)

        runMethod(target, NON_VERIFIER_UID)
        assertFails { runMethod(target, NON_VERIFIER_UID) }
    }

    private fun approvedVerifier() {
@@ -816,7 +816,7 @@ class DomainVerificationEnforcerTest {
        // System/shell only
        INTERNAL,

        // INTERNAL || domain verification agent || user setting permission holder
        // INTERNAL || non-legacy domain verification agent
        QUERENT,

        // INTERNAL || domain verification agent
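Review bot: `assertFails { runMethod(target, NON_VERIFIER_UID) }` in the first hunk of this file passes on any `Throwable`, so the test would stay green if the call failed for a reason unrelated to the permission check. Pinning the type ties it to the denial this commit adds: `assertFailsWith<SecurityException> { runMethod(target, NON_VERIFIER_UID) }`, assuming `kotlin.test.assertFailsWith` is available to this file, which the hunk does not show. The test function begins above the hunk. In the second hunk, the updated `QUERENT` comment says "non-legacy" agent without saying what separates it from a legacy one; a few words there would help the next reader.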