Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8008cbf4 authored by Chaitanya Cheemala (xWF)'s avatar Chaitanya Cheemala (xWF) Committed by Android (Google) Code Review
Browse files

Merge "Revert "Ensure setSupervisionEnabledForUser caller is SystemUid"" into main

parents 020e5c49 566d25c2

services/supervision/java/com/android/server/supervision/SupervisionService.java

+1 −20
Original line number Diff line number Diff line
@@ -51,7 +51,6 @@ import android.os.Bundle; 
import android.os.IBinder;

import android.os.IInterface;

import android.os.PersistableBundle;

import android.os.Process;

import android.os.RemoteException;

import android.os.ResultReceiver;

import android.os.ShellCallback;
@@ -78,7 +77,6 @@ import java.io.FileDescriptor; 
import java.io.PrintWriter;

import java.util.ArrayList;

import java.util.List;

import java.util.Objects;



/** Service for handling system supervision. */

public class SupervisionService extends ISupervisionManager.Stub {
@@ -138,7 +136,7 @@ public class SupervisionService extends ISupervisionManager.Stub { 


    @Override

    public void setSupervisionEnabledForUser(@UserIdInt int userId, boolean enabled) {

        enforceSystemCaller();

        // TODO(b/395630828): Ensure that this method can only be called by the system.

        if (UserHandle.getUserId(Binder.getCallingUid()) != userId) {

            enforcePermission(INTERACT_ACROSS_USERS);

        }
@@ -558,13 +556,6 @@ public class SupervisionService extends ISupervisionManager.Stub { 
        checkCallAuthorization(authorized);

    }



    /** Enforces that the caller is the system. */

    private void enforceSystemCaller() {

        int callingUid = mInjector.getCallingUid();

        checkCallAuthorization(UserHandle.isSameApp(callingUid, Process.SYSTEM_UID),

              "Caller with UID %s is not authorized.", callingUid);

    }



    /** Provides local services in a lazy manner. */

    static class Injector {

        public Context context;
@@ -574,7 +565,6 @@ public class SupervisionService extends ISupervisionManager.Stub { 
        private KeyguardManager mKeyguardManager;

        private PackageManager mPackageManager;

        private UserManagerInternal mUserManagerInternal;

        private Integer mCallingUid;



        Injector(Context context) {

            this.context = context;
@@ -616,15 +606,6 @@ public class SupervisionService extends ISupervisionManager.Stub { 
            }

            return mUserManagerInternal;

        }



        int getCallingUid() {

            return Objects.requireNonNullElseGet(mCallingUid, Binder::getCallingUid);

        }



        @VisibleForTesting

        public void setCallingUid(int Uid) {

            mCallingUid = Uid;

        }

    }



    /** Publishes local and binder services and allows the service to act during initialization. */

services/tests/servicestests/src/com/android/server/supervision/SupervisionServiceTest.kt

+2 −17
Original line number Diff line number Diff line
@@ -30,6 +30,7 @@ import android.content.Context 
import android.content.ContextWrapper

import android.content.Intent

import android.content.IntentFilter

import android.os.IBinder

import android.content.pm.PackageManager

import android.content.pm.UserInfo

import android.content.pm.UserInfo.FLAG_FOR_TESTING
@@ -37,9 +38,7 @@ import android.content.pm.UserInfo.FLAG_FULL 
import android.content.pm.UserInfo.FLAG_MAIN

import android.content.pm.UserInfo.FLAG_SYSTEM

import android.os.Handler

import android.os.IBinder

import android.os.PersistableBundle

import android.os.Process

import android.os.UserHandle

import android.os.UserHandle.MIN_SECONDARY_USER_ID

import android.os.UserHandle.USER_SYSTEM
@@ -57,7 +56,6 @@ import com.android.server.LocalServices 
import com.android.server.SystemService.TargetUser

import com.android.server.pm.UserManagerInternal

import com.android.server.supervision.SupervisionService.ACTION_CONFIRM_SUPERVISION_CREDENTIALS

import com.android.server.supervision.SupervisionService.Injector

import com.google.common.truth.Truth.assertThat

import java.nio.file.Files

import org.junit.Before
@@ -75,7 +73,6 @@ import org.mockito.kotlin.mock 
import org.mockito.kotlin.never

import org.mockito.kotlin.verify

import org.mockito.kotlin.whenever

import org.testng.Assert.assertThrows



/**

 * Unit tests for [SupervisionService].
@@ -97,7 +94,6 @@ class SupervisionServiceTest { 
    private lateinit var context: Context

    private lateinit var lifecycle: SupervisionService.Lifecycle

    private lateinit var service: SupervisionService

    private lateinit var injector: Injector



    @Before

    fun setUp() {
@@ -114,12 +110,10 @@ class SupervisionServiceTest { 
        SupervisionSettings.getInstance()

            .changeDirForTesting(Files.createTempDirectory("tempSupervisionFolder").toFile())



        injector = Injector(context.createAttributionContext(SupervisionLog.TAG));

        service = SupervisionService(injector)

        service = SupervisionService(context)

        lifecycle = SupervisionService.Lifecycle(context, service)

        lifecycle.registerProfileOwnerListener()



        injector.callingUid = Process.SYSTEM_UID

        assertThat(service.isSupervisionEnabledForUser(USER_ID)).isFalse()

    }
@@ -276,15 +270,6 @@ class SupervisionServiceTest { 
        assertThat(getSecureSetting(SEARCH_CONTENT_FILTERS_ENABLED)).isEqualTo(-1)

    }



    @Test

    fun setSupervisionEnabledForUser_callerIsNotSystemUid_throwsException() {

        injector.callingUid = Process.NOBODY_UID



        assertThrows(SecurityException::class.java) {

            service.setSupervisionEnabledForUser(USER_ID, true);

        }

    }



    @Test

    @RequiresFlagsEnabled(Flags.FLAG_ENABLE_REMOVE_POLICIES_ON_SUPERVISION_DISABLE)

    fun setSupervisionEnabledForUser_removesPoliciesWhenDisabling() {