Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ae70b96f authored by menghanli's avatar menghanli Committed by Menghan Li
Browse files

Fix SecurityException when need permissions for AccessibilityServicesTest 

Root cause: The userId variable was accidentally overwritten after a previous refactoring, causing UserManager.getProfileIdsWithDisabled() to be called on the wrong user.
Solution: We should getPermittedAccessibilityServicesForUser when
permittedAccessiblityServices are set.

Bug: 274071129
Test: atest CtsDevicePolicyTestCases
Change-Id: I2a89cc0b8def27797a5be42b599325bafb5f5f2c
parent 1c00ee51

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+20 −18
Original line number Diff line number Diff line
@@ -11780,22 +11780,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
        final CallerIdentity caller = getCallerIdentity();

        Preconditions.checkCallAuthorization(canManageUsers(caller) || canQueryAdminPolicy(caller));













        // Move AccessibilityManager out of lock to prevent potential deadlock













        final List<AccessibilityServiceInfo> installedServices;













        long id = mInjector.binderClearCallingIdentity();













        try {













            UserInfo user = getUserInfo(userId);













            if (user.isManagedProfile()) {













                userId = user.profileGroupId;













            }













            installedServices = withAccessibilityManager(userId,













                    AccessibilityManager::getInstalledAccessibilityServiceList);













        } finally {













            mInjector.binderRestoreCallingIdentity(id);













        }













        List<String> result = null;





























        synchronized (getLockObject()) {













            List<String> result = null;















            // If we have multiple profiles we return the intersection of the















            // permitted lists. This can happen in cases where we have a device















            // and profile owner.









@@ -11817,9 +11804,22 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {













                    }















                }















            }













        }





























        // If we have a permitted list add all system accessibility services.















        if (result != null) {













            long id = mInjector.binderClearCallingIdentity();













            try {













                UserInfo user = getUserInfo(userId);













                if (user.isManagedProfile()) {













                    userId = user.profileGroupId;













                }













                // Move AccessibilityManager out of {@link getLockObject} to prevent potential













                // deadlock.













                final List<AccessibilityServiceInfo> installedServices =













                        withAccessibilityManager(userId,













                                AccessibilityManager::getInstalledAccessibilityServiceList);



























                if (installedServices != null) {















                    for (AccessibilityServiceInfo service : installedServices) {















                        ServiceInfo serviceInfo = service.getResolveInfo().serviceInfo;









@@ -11829,11 +11829,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {













                        }















                    }















                }













            } finally {













                mInjector.binderRestoreCallingIdentity(id);













            }















        }





























        return result;















    }













    }





























    @Override















    public boolean isAccessibilityServicePermittedByAdmin(ComponentName who, String packageName,