Improved exception when caller cannot cross users or profiles. (88089265) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/pm/permission/PermissionManagerService.java

+27 −23

Original line number	Original line	Diff line number	Diff line
	@@ -4427,7 +4427,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
	* @param checkShell whether to prevent shell from access if there's a debugging restriction		* @param checkShell whether to prevent shell from access if there's a debugging restriction
	* @param message the message to log on security exception		* @param message the message to log on security exception
	*/		*/
	private void enforceCrossUserPermission(int callingUid, int userId,		private void enforceCrossUserPermission(int callingUid, @UserIdInt int userId,
	boolean requireFullPermission, boolean checkShell,		boolean requireFullPermission, boolean checkShell,
	boolean requirePermissionWhenSameUser, String message) {		boolean requirePermissionWhenSameUser, String message) {
	if (userId < 0) {		if (userId < 0) {
	@@ -4444,7 +4444,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
	return;		return;
	}		}
	String errorMessage = buildInvalidCrossUserPermissionMessage(		String errorMessage = buildInvalidCrossUserPermissionMessage(
	message, requireFullPermission);		callingUid, userId, message, requireFullPermission);
	Slog.w(TAG, errorMessage);		Slog.w(TAG, errorMessage);
	throw new SecurityException(errorMessage);		throw new SecurityException(errorMessage);
	}		}
	@@ -4463,7 +4463,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
	* @param checkShell whether to prevent shell from access if there's a debugging restriction		* @param checkShell whether to prevent shell from access if there's a debugging restriction
	* @param message the message to log on security exception		* @param message the message to log on security exception
	*/		*/
	private void enforceCrossUserOrProfilePermission(int callingUid, int userId,		private void enforceCrossUserOrProfilePermission(int callingUid, @UserIdInt int userId,
	boolean requireFullPermission, boolean checkShell,		boolean requireFullPermission, boolean checkShell,
	String message) {		String message) {
	if (userId < 0) {		if (userId < 0) {
	@@ -4489,7 +4489,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
	return;		return;
	}		}
	String errorMessage = buildInvalidCrossUserOrProfilePermissionMessage(		String errorMessage = buildInvalidCrossUserOrProfilePermissionMessage(
	message, requireFullPermission, isSameProfileGroup);		callingUid, userId, message, requireFullPermission, isSameProfileGroup);
	Slog.w(TAG, errorMessage);		Slog.w(TAG, errorMessage);
	throw new SecurityException(errorMessage);		throw new SecurityException(errorMessage);
	}		}
	@@ -4524,44 +4524,48 @@ public class PermissionManagerService extends IPermissionManager.Stub {
	}		}
	}		}

	private static String buildInvalidCrossUserPermissionMessage(		private static String buildInvalidCrossUserPermissionMessage(int callingUid,
	String message, boolean requireFullPermission) {		@UserIdInt int userId, String message, boolean requireFullPermission) {
	StringBuilder builder = new StringBuilder();		StringBuilder builder = new StringBuilder();
	if (message != null) {		if (message != null) {
	builder.append(message);		builder.append(message);
	builder.append(": ");		builder.append(": ");
	}		}
	builder.append("Requires ");		builder.append("UID ");
			builder.append(callingUid);
			builder.append(" requires ");
	builder.append(android.Manifest.permission.INTERACT_ACROSS_USERS_FULL);		builder.append(android.Manifest.permission.INTERACT_ACROSS_USERS_FULL);
	if (requireFullPermission) {		if (!requireFullPermission) {
	builder.append(".");
	return builder.toString();
	}
	builder.append(" or ");		builder.append(" or ");
	builder.append(android.Manifest.permission.INTERACT_ACROSS_USERS);		builder.append(android.Manifest.permission.INTERACT_ACROSS_USERS);
			}
			builder.append(" to access user ");
			builder.append(userId);
	builder.append(".");		builder.append(".");
	return builder.toString();		return builder.toString();
	}		}

	private static String buildInvalidCrossUserOrProfilePermissionMessage(		private static String buildInvalidCrossUserOrProfilePermissionMessage(int callingUid,
	String message, boolean requireFullPermission, boolean isSameProfileGroup) {		@UserIdInt int userId, String message, boolean requireFullPermission,
			boolean isSameProfileGroup) {
	StringBuilder builder = new StringBuilder();		StringBuilder builder = new StringBuilder();
	if (message != null) {		if (message != null) {
	builder.append(message);		builder.append(message);
	builder.append(": ");		builder.append(": ");
	}		}
	builder.append("Requires ");		builder.append("UID ");
			builder.append(callingUid);
			builder.append(" requires ");
	builder.append(android.Manifest.permission.INTERACT_ACROSS_USERS_FULL);		builder.append(android.Manifest.permission.INTERACT_ACROSS_USERS_FULL);
	if (requireFullPermission) {		if (!requireFullPermission) {
	builder.append(".");
	return builder.toString();
	}
	builder.append(" or ");		builder.append(" or ");
	builder.append(android.Manifest.permission.INTERACT_ACROSS_USERS);		builder.append(android.Manifest.permission.INTERACT_ACROSS_USERS);
	if (isSameProfileGroup) {		if (isSameProfileGroup) {
	builder.append(" or ");		builder.append(" or ");
	builder.append(android.Manifest.permission.INTERACT_ACROSS_PROFILES);		builder.append(android.Manifest.permission.INTERACT_ACROSS_PROFILES);
	}		}
			}
			builder.append(" to access user ");
	builder.append(".");		builder.append(".");
	return builder.toString();		return builder.toString();
	}		}