Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit aecbd037 authored by Makoto Onuki's avatar Makoto Onuki
Browse files

Do not allow work profile apps to access main profile app. 

Bug: 34340531

Test: adb shell am instrument -e class com.android.server.pm.ShortcutManagerTest1 -w com.android.frameworks.servicestests
Test: adb shell am instrument -e class com.android.server.pm.ShortcutManagerTest2 -w com.android.frameworks.servicestests
Test: adb shell am instrument -e class com.android.server.pm.ShortcutManagerTest3 -w com.android.frameworks.servicestests
Test: adb shell am instrument -e class com.android.server.pm.ShortcutManagerTest4 -w com.android.frameworks.servicestests
Test: adb shell am instrument -e class com.android.server.pm.ShortcutManagerTest5 -w com.android.frameworks.servicestests
Test: adb shell am instrument -e class com.android.server.pm.ShortcutManagerTest6 -w com.android.frameworks.servicestests
Test: adb shell am instrument -e class com.android.server.pm.ShortcutManagerTest7 -w com.android.frameworks.servicestests
Test: adb shell am instrument -e class com.android.server.pm.ShortcutManagerTest8 -w com.android.frameworks.servicestests
Test: adb shell am instrument -e class com.android.server.pm.ShortcutManagerTest9 -w com.android.frameworks.servicestests
Test: adb shell am instrument -e class com.android.server.pm.ShortcutManagerTest10 -w com.android.frameworks.servicestests

Test: cts-tradefed run cts --skip-device-info --skip-preconditions --skip-system-status-check com.android.compatibility.common.tradefed.targetprep.NetworkConnectivityChecker -a armeabi-v7a -m CtsShortcutHostTestCases -t 'android.content.pm.cts.shortcuthost.ShortcutManagerMultiuserTest#testManagedUser'
Test: cts-tradefed run cts --skip-device-info --skip-preconditions --skip-system-status-check com.android.compatibility.common.tradefed.targetprep.NetworkConnectivityChecker -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t 'com.android.cts.devicepolicy.LauncherAppsProfileTest'

Change-Id: I34e9f351d2a8addf65a5a928c3dd4363f08611dc
parent 0ae1a7d9

api/current.txt

+1 −0
Original line number Diff line number Diff line
@@ -9803,6 +9803,7 @@ package android.content.pm { 
    method public java.util.List<android.content.pm.LauncherActivityInfo> getActivityList(java.lang.String, android.os.UserHandle);

    method public android.content.pm.ApplicationInfo getApplicationInfo(java.lang.String, int, android.os.UserHandle);

    method public android.content.pm.LauncherApps.PinItemRequest getPinItemRequest(android.content.Intent);

    method public java.util.List<android.os.UserHandle> getProfiles();

    method public android.graphics.drawable.Drawable getShortcutBadgedIconDrawable(android.content.pm.ShortcutInfo, int);

    method public android.content.IntentSender getShortcutConfigActivityIntent(android.content.pm.LauncherActivityInfo);

    method public java.util.List<android.content.pm.LauncherActivityInfo> getShortcutConfigActivityList(java.lang.String, android.os.UserHandle);

api/system-current.txt

+1 −0
Original line number Diff line number Diff line
@@ -10231,6 +10231,7 @@ package android.content.pm { 
    method public java.util.List<android.content.pm.LauncherActivityInfo> getActivityList(java.lang.String, android.os.UserHandle);

    method public android.content.pm.ApplicationInfo getApplicationInfo(java.lang.String, int, android.os.UserHandle);

    method public android.content.pm.LauncherApps.PinItemRequest getPinItemRequest(android.content.Intent);

    method public java.util.List<android.os.UserHandle> getProfiles();

    method public android.graphics.drawable.Drawable getShortcutBadgedIconDrawable(android.content.pm.ShortcutInfo, int);

    method public android.content.IntentSender getShortcutConfigActivityIntent(android.content.pm.LauncherActivityInfo);

    method public java.util.List<android.content.pm.LauncherActivityInfo> getShortcutConfigActivityList(java.lang.String, android.os.UserHandle);

api/test-current.txt

+1 −0
Original line number Diff line number Diff line
@@ -9831,6 +9831,7 @@ package android.content.pm { 
    method public java.util.List<android.content.pm.LauncherActivityInfo> getActivityList(java.lang.String, android.os.UserHandle);

    method public android.content.pm.ApplicationInfo getApplicationInfo(java.lang.String, int, android.os.UserHandle);

    method public android.content.pm.LauncherApps.PinItemRequest getPinItemRequest(android.content.Intent);

    method public java.util.List<android.os.UserHandle> getProfiles();

    method public android.graphics.drawable.Drawable getShortcutBadgedIconDrawable(android.content.pm.ShortcutInfo, int);

    method public android.content.IntentSender getShortcutConfigActivityIntent(android.content.pm.LauncherActivityInfo);

    method public java.util.List<android.content.pm.LauncherActivityInfo> getShortcutConfigActivityList(java.lang.String, android.os.UserHandle);

core/java/android/content/pm/LauncherApps.java

+24 −3
Original line number Diff line number Diff line
@@ -61,15 +61,18 @@ import java.util.List; 


/**

 * Class for retrieving a list of launchable activities for the current user and any associated

 * managed profiles. This is mainly for use by launchers. Apps can be queried for each user profile.

 * managed profiles that are visible to the current user, which can be retrieved with

 * {@link #getProfiles}. This is mainly for use by launchers.

 *

 * Apps can be queried for each user profile.

 * Since the PackageManager will not deliver package broadcasts for other profiles, you can register

 * for package changes here.

 * <p>

 * To watch for managed profiles being added or removed, register for the following broadcasts:

 * {@link Intent#ACTION_MANAGED_PROFILE_ADDED} and {@link Intent#ACTION_MANAGED_PROFILE_REMOVED}.

 * <p>

 * You can retrieve the list of profiles associated with this user with

 * {@link UserManager#getUserProfiles()}.

 * Note as of Android O, apps on a managed profile are no longer allowed to access apps on the

 * main profile.  Apps can only access profiles returned by {@link #getProfiles()}.

 */

public class LauncherApps {
@@ -375,6 +378,24 @@ public class LauncherApps { 
                ServiceManager.getService(Context.LAUNCHER_APPS_SERVICE)));

    }



    /**

     * Return a list of profiles that the caller can access via the {@link LauncherApps} APIs.

     *

     * <p>If the caller is running on a managed profile, it'll return only the current profile.

     * Otherwise it'll return the same list as {@link UserManager#getUserProfiles()} would.

     */

    public List<UserHandle> getProfiles() {

        final UserManager um = mContext.getSystemService(UserManager.class);

        if (um.isManagedProfile()) {

            // If it's a managed profile, only return the current profile.

            final List result =  new ArrayList(1);

            result.add(android.os.Process.myUserHandle());

            return result;

        } else {

            return um.getUserProfiles();

        }

    }



    /**

     * Retrieves a list of launchable activities that match {@link Intent#ACTION_MAIN} and

     * {@link Intent#CATEGORY_LAUNCHER}, for a specified user.

services/core/java/com/android/server/pm/LauncherAppsService.java

+14 −10
Original line number Diff line number Diff line
@@ -231,11 +231,15 @@ public class LauncherAppsService extends SystemService { 
            long ident = injectClearCallingIdentity();

            try {

                UserInfo callingUserInfo = mUm.getUserInfo(callingUserId);

                if (callingUserInfo.isManagedProfile()) {

                    throw new SecurityException(message + " for another profile " + targetUserId);

                }



                UserInfo targetUserInfo = mUm.getUserInfo(targetUserId);

                if (targetUserInfo == null

                        || targetUserInfo.profileGroupId == UserInfo.NO_PROFILE_GROUP_ID

                        || targetUserInfo.profileGroupId != callingUserInfo.profileGroupId) {

                    throw new SecurityException(message);

                    throw new SecurityException(message + " for unrelated profile " + targetUserId);

                }

            } finally {

                injectRestoreCallingIdentity(ident);
@@ -289,7 +293,7 @@ public class LauncherAppsService extends SystemService { 
        @Override

        public ActivityInfo resolveActivity(ComponentName component, UserHandle user)

                throws RemoteException {

            ensureInUserProfiles(user, "Cannot resolve activity for unrelated profile " + user);

            ensureInUserProfiles(user, "Cannot resolve activity");

            if (!isUserEnabled(user)) {

                return null;

            }
@@ -315,7 +319,7 @@ public class LauncherAppsService extends SystemService { 


        private ParceledListSlice<ResolveInfo> queryActivitiesForUser(Intent intent,

                UserHandle user) {

            ensureInUserProfiles(user, "Cannot retrieve activities for unrelated profile " + user);

            ensureInUserProfiles(user, "Cannot retrieve activities");

            if (!isUserEnabled(user)) {

                return null;

            }
@@ -356,7 +360,7 @@ public class LauncherAppsService extends SystemService { 
        @Override

        public boolean isPackageEnabled(String packageName, UserHandle user)

                throws RemoteException {

            ensureInUserProfiles(user, "Cannot check package for unrelated profile " + user);

            ensureInUserProfiles(user, "Cannot check package");

            if (!isUserEnabled(user)) {

                return false;

            }
@@ -377,7 +381,7 @@ public class LauncherAppsService extends SystemService { 
        @Override

        public ApplicationInfo getApplicationInfo(String packageName, int flags, UserHandle user)

                throws RemoteException {

            ensureInUserProfiles(user, "Cannot check package for unrelated profile " + user);

            ensureInUserProfiles(user, "Cannot check package");

            if (!isUserEnabled(user)) {

                return null;

            }
@@ -399,7 +403,7 @@ public class LauncherAppsService extends SystemService { 


        private void ensureShortcutPermission(@NonNull String callingPackage, int userId) {

            verifyCallingPackage(callingPackage);

            ensureInUserProfiles(userId, "Cannot access shortcuts for unrelated profile " + userId);

            ensureInUserProfiles(userId, "Cannot access shortcuts");



            if (!mShortcutServiceInternal.hasShortcutHostPermission(getCallingUserId(),

                    callingPackage)) {
@@ -475,7 +479,7 @@ public class LauncherAppsService extends SystemService { 
        public boolean startShortcut(String callingPackage, String packageName, String shortcutId,

                Rect sourceBounds, Bundle startActivityOptions, int userId) {

            verifyCallingPackage(callingPackage);

            ensureInUserProfiles(userId, "Cannot start activity for unrelated profile " + userId);

            ensureInUserProfiles(userId, "Cannot start activity");



            if (!isUserEnabled(userId)) {

                throw new IllegalStateException("Cannot start a shortcut for disabled profile "
@@ -528,7 +532,7 @@ public class LauncherAppsService extends SystemService { 
        @Override

        public boolean isActivityEnabled(ComponentName component, UserHandle user)

                throws RemoteException {

            ensureInUserProfiles(user, "Cannot check component for unrelated profile " + user);

            ensureInUserProfiles(user, "Cannot check component");

            if (!isUserEnabled(user)) {

                return false;

            }
@@ -549,7 +553,7 @@ public class LauncherAppsService extends SystemService { 
        @Override

        public void startActivityAsUser(ComponentName component, Rect sourceBounds,

                Bundle opts, UserHandle user) throws RemoteException {

            ensureInUserProfiles(user, "Cannot start activity for unrelated profile " + user);

            ensureInUserProfiles(user, "Cannot start activity");

            if (!isUserEnabled(user)) {

                throw new IllegalStateException("Cannot start activity for disabled profile "  + user);

            }
@@ -602,7 +606,7 @@ public class LauncherAppsService extends SystemService { 
        @Override

        public void showAppDetailsAsUser(ComponentName component, Rect sourceBounds,

                Bundle opts, UserHandle user) throws RemoteException {

            ensureInUserProfiles(user, "Cannot show app details for unrelated profile " + user);

            ensureInUserProfiles(user, "Cannot show app details");

            if (!isUserEnabled(user)) {

                throw new IllegalStateException("Cannot show app details for disabled profile "

                        + user);