Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 72704403 authored by Alex Kershaw's avatar Alex Kershaw
Browse files

[RESTRICT AUTOMERGE] Make WPMS look for DOs and POs in the correct calling user 

Currently, it will always look in user 0 since it uses the DPM from
mContext, which will always be from user 0 as WPMS is in the system
server process.

Extend DPMI to provide the necessary external helper API. This is
preferable to just using createContextAsUser before getting the DPM
instance since it avoids a second binding.

Fixes: 144048540
Fixes: 172682826
Bug: 153995973
Bug: 174642338
Test: atest com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testSetWallpaper_disallowed
Change-Id: I52b71000fac31ff6725ddded58206f69b263ae33
(cherry picked from commit 5b36ee3f)
parent 6bcc71b1

core/java/android/app/admin/DevicePolicyManagerInternal.java

+7 −0
Original line number Diff line number Diff line
@@ -16,6 +16,7 @@ 


package android.app.admin;



import android.annotation.Nullable;

import android.annotation.UserIdInt;

import android.content.ComponentName;

import android.content.Intent;
@@ -221,6 +222,7 @@ public abstract class DevicePolicyManagerInternal { 
    /**

     * Returns the profile owner component for the given user, or {@code null} if there is not one.

     */

    @Nullable

    public abstract ComponentName getProfileOwnerAsUser(int userHandle);



    /**
@@ -234,4 +236,9 @@ public abstract class DevicePolicyManagerInternal { 
     * {@link #supportsResetOp(int)} is true.

     */

    public abstract void resetOp(int op, String packageName, @UserIdInt int userId);



    /**

     * Returns whether the given package is a device owner or a profile owner in the calling user.

     */

    public abstract boolean isDeviceOrProfileOwnerInCallingUser(String packageName);

}

services/core/java/com/android/server/wallpaper/WallpaperManagerService.java

+5 −5
Original line number Diff line number Diff line
@@ -39,7 +39,7 @@ import android.app.WallpaperColors; 
import android.app.WallpaperInfo;

import android.app.WallpaperManager;

import android.app.WallpaperManager.SetWallpaperFlags;

import android.app.admin.DevicePolicyManager;

import android.app.admin.DevicePolicyManagerInternal;

import android.app.backup.WallpaperBackupHelper;

import android.content.BroadcastReceiver;

import android.content.ComponentName;
@@ -2861,10 +2861,10 @@ public class WallpaperManagerService extends IWallpaperManager.Stub 
        if (!uidMatchPackage) {

            return false;   // callingPackage was faked.

        }



        // TODO(b/144048540): DPM needs to take into account the userId, not just the package.

        final DevicePolicyManager dpm = mContext.getSystemService(DevicePolicyManager.class);

        if (dpm.isDeviceOwnerApp(callingPackage) || dpm.isProfileOwnerApp(callingPackage)) {

        DevicePolicyManagerInternal devicePolicyManagerInternal =

                LocalServices.getService(DevicePolicyManagerInternal.class);

        if (devicePolicyManagerInternal != null &&

                devicePolicyManagerInternal.isDeviceOrProfileOwnerInCallingUser(callingPackage)) {

            return true;

        }

        final int callingUserId = UserHandle.getCallingUserId();

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+20 −0
Original line number Diff line number Diff line
@@ -12839,6 +12839,26 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { 
                    ? AppOpsManager.MODE_ALLOWED

                    : AppOpsManager.opToDefaultMode(AppOpsManager.OP_INTERACT_ACROSS_PROFILES);

        }













        public boolean isDeviceOrProfileOwnerInCallingUser(String packageName) {













            return isDeviceOwnerInCallingUser(packageName)













                    || isProfileOwnerInCallingUser(packageName);













        }

























        private boolean isDeviceOwnerInCallingUser(String packageName) {













            final ComponentName deviceOwnerInCallingUser =













                    DevicePolicyManagerService.this.getDeviceOwnerComponent(













                            /* callingUserOnly= */ true);













            return deviceOwnerInCallingUser != null













                    && packageName.equals(deviceOwnerInCallingUser.getPackageName());













        }

























        private boolean isProfileOwnerInCallingUser(String packageName) {













            final ComponentName profileOwnerInCallingUser =













                    getProfileOwnerAsUser(UserHandle.getCallingUserId());













            return profileOwnerInCallingUser != null













                    && packageName.equals(profileOwnerInCallingUser.getPackageName());













        }















    }





























    private Intent createShowAdminSupportIntent(ComponentName admin, int userId) {