
Commit c1353157 authored by Cassie Wang's avatar Cassie Wang Committed by Automerger Merge Worker

Merge "Ensure calling user is the same as requested user." into sc-dev am:...

Merge "Ensure calling user is the same as requested user." into sc-dev am: 34a952cf am: 17794719

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/15315615

Change-Id: I5acc5e01b46d943bb8ec72531fb79814a019a1b7
parents 1750f168 17794719
+4 −22
@@ -18,7 +18,6 @@ package com.android.server.appsearch;
import static android.app.appsearch.AppSearchResult.throwableToFailedResult;
import static android.app.appsearch.AppSearchResult.throwableToFailedResult;
import static android.os.Process.INVALID_UID;
import static android.os.Process.INVALID_UID;


import android.Manifest;
import android.annotation.ElapsedRealtimeLong;
import android.annotation.ElapsedRealtimeLong;
import android.annotation.NonNull;
import android.annotation.NonNull;
import android.app.appsearch.AppSearchBatchResult;
import android.app.appsearch.AppSearchBatchResult;
@@ -1354,43 +1353,26 @@ public class AppSearchManagerService extends SystemService {
    /**
    /**
     * Helper for dealing with incoming user arguments to system service calls.
     * Helper for dealing with incoming user arguments to system service calls.
     *
     *
     * <p>Takes care of checking permissions and converting USER_CURRENT to the actual current user.
     *
     * @param requestedUser The user which the caller is requesting to execute as.
     * @param requestedUser The user which the caller is requesting to execute as.
     * @param callingUid The actual uid of the caller as determined by Binder.
     * @param callingUid The actual uid of the caller as determined by Binder.
     * @return the user handle that the call should run as. Will always be a concrete user.
     * @return the user handle that the call should run as. Will always be a concrete user.
     */
     */
    @NonNull
    @NonNull
    private UserHandle handleIncomingUser(@NonNull UserHandle requestedUser, int callingUid) {
    private UserHandle handleIncomingUser(@NonNull UserHandle requestedUser, int callingUid) {
        int callingPid = Binder.getCallingPid();
        UserHandle callingUser = UserHandle.getUserHandleForUid(callingUid);
        UserHandle callingUser = UserHandle.getUserHandleForUid(callingUid);
        if (callingUser.equals(requestedUser)) {
        if (callingUser.equals(requestedUser)) {
            return requestedUser;
            return requestedUser;
        }
        }

        // Duplicates UserController#ensureNotSpecialUser
        // Duplicates UserController#ensureNotSpecialUser
        if (requestedUser.getIdentifier() < 0) {
        if (requestedUser.getIdentifier() < 0) {
            throw new IllegalArgumentException(
            throw new IllegalArgumentException(
                    "Call does not support special user " + requestedUser);
                    "Call does not support special user " + requestedUser);
        }
        }
        boolean canInteractAcrossUsers = mContext.checkPermission(

                Manifest.permission.INTERACT_ACROSS_USERS,
                callingPid,
                callingUid) == PackageManager.PERMISSION_GRANTED;
        if (!canInteractAcrossUsers) {
            canInteractAcrossUsers = mContext.checkPermission(
                    Manifest.permission.INTERACT_ACROSS_USERS_FULL,
                    callingPid,
                    callingUid) == PackageManager.PERMISSION_GRANTED;
        }
        if (canInteractAcrossUsers) {
            return requestedUser;
        }
        throw new SecurityException(
        throw new SecurityException(
                "Permission denied while calling from uid " + callingUid
                "Requested user, " + requestedUser + ", is not the same as the calling user, "
                        + " with " + requestedUser + "; Need to run as either the calling user ("
                        + callingUser + ".");
                        + callingUser + "), or with one of the following permissions: "
                        + Manifest.permission.INTERACT_ACROSS_USERS + " or "
                        + Manifest.permission.INTERACT_ACROSS_USERS_FULL);
    }
    }


    /**
    /**
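Review bot: The Javadoc of `handleIncomingUser` no longer says what the method enforces: with the `<p>` sentence removed, nothing states that a `requestedUser` other than the caller's own user is always rejected, or with which exception. I would add ` * <p>Rejects any request whose user differs from the calling user; cross-user permissions are not consulted.` together with `@throws SecurityException` and `@throws IllegalArgumentException` lines. That also makes clear that the special-user branch now only selects the exception type, since both remaining paths after the equality check throw. The check is only as strong as the `callingUid` argument, and the hunk does not show where it is captured; presumably every caller passes `Binder.getCallingUid()` taken before any identity clearing, which is worth confirming at the call sites.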