Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6d410f10 authored by Adam Bookatz's avatar Adam Bookatz
Browse files

getUserPropertiesCopy handles Query/Manage perms 

getUserPropertiesCopy should use the standard way of querying whether a
caller has Query or Manage users permission. In particular, a caller
that has Manage should be treated as though it has Query as well, which
this cl will ensure. Some variable names and comments are updated to
make this clearer.

Test: atest UserManagerServiceUserPropertiesTest
Change-Id: I6ba312b27e6ab47498a03ecac6c1ffd6f60442e8
parent 9d8f4ade

core/java/android/content/pm/UserProperties.java

+7 −5
Original line number Diff line number Diff line
@@ -114,7 +114,7 @@ public final class UserProperties implements Parcelable { 
    public UserProperties(UserProperties orig,

            boolean exposeAllFields,

            boolean hasManagePermission,

            boolean hasQueryPermission) {

            boolean hasQueryOrManagePermission) {



        if (orig.mDefaultProperties == null) {

            throw new IllegalArgumentException("Attempting to copy a non-original UserProperties.");
@@ -122,17 +122,19 @@ public final class UserProperties implements Parcelable { 


        this.mDefaultProperties = null;



        // Insert each setter into the following hierarchy based on its permission requirements.

        // NOTE: Copy each property using getters to ensure default values are copied if needed.

        if (exposeAllFields) {

            // Add items that require exposeAllFields to be true (strictest permission level).

            setStartWithParent(orig.getStartWithParent());

        }

        if (hasManagePermission) {

            // Add any items that require this permission.

            // Add items that require MANAGE_USERS or stronger.

        }

        if (hasQueryPermission) {

            // Add any items that require this permission.

        if (hasQueryOrManagePermission) {

            // Add items that require QUERY_USERS or stronger.

        }

        // Add any items that require no permissions at all.

        // Add items that have no permission requirements at all.

        setShowInLauncher(orig.getShowInLauncher());

    }

services/core/java/com/android/server/pm/UserManagerService.java

+3 −4
Original line number Diff line number Diff line
@@ -1540,10 +1540,9 @@ public class UserManagerService extends IUserManager.Stub { 
        checkQueryOrInteractPermissionIfCallerInOtherProfileGroup(userId, "getUserProperties");

        final UserProperties origProperties = getUserPropertiesInternal(userId);

        if (origProperties != null) {

            int callingUid = Binder.getCallingUid();

            boolean exposeAllFields = callingUid == Process.SYSTEM_UID;

            boolean hasManage = hasPermissionGranted(Manifest.permission.MANAGE_USERS, callingUid);

            boolean hasQuery = hasPermissionGranted(Manifest.permission.QUERY_USERS, callingUid);

            boolean exposeAllFields = Binder.getCallingUid() == Process.SYSTEM_UID;

            boolean hasManage = hasManageUsersPermission();

            boolean hasQuery = hasQueryUsersPermission();

            return new UserProperties(origProperties, exposeAllFields, hasManage, hasQuery);

        }

        // A non-existent or partial user will reach here.