Loading core/java/android/content/pm/LauncherApps.java +8 −3 Original line number Diff line number Diff line Loading @@ -16,6 +16,7 @@ package android.content.pm; import static android.Manifest.permission; import android.annotation.CallbackExecutor; import android.annotation.IntDef; import android.annotation.NonNull; Loading Loading @@ -601,11 +602,15 @@ public class LauncherApps { } /** * Show an error log on logcat, when the calling user is a managed profile, and the target * user is different from the calling user, in order to help developers to detect it. * Show an error log on logcat, when the calling user is a managed profile, the target * user is different from the calling user, and it is not called from a package that has the * {@link permission.INTERACT_ACROSS_USERS_FULL} permission, in order to help * developers to detect it. */ private void logErrorForInvalidProfileAccess(@NonNull UserHandle target) { if (UserHandle.myUserId() != target.getIdentifier() && mUserManager.isManagedProfile()) { if (UserHandle.myUserId() != target.getIdentifier() && mUserManager.isManagedProfile() && mContext.checkSelfPermission(permission.INTERACT_ACROSS_USERS_FULL) != PackageManager.PERMISSION_GRANTED) { Log.w(TAG, "Accessing other profiles/users from managed profile is no longer allowed."); } } Loading core/res/AndroidManifest.xml +1 −0 Original line number Diff line number Diff line Loading @@ -2376,6 +2376,7 @@ @hide --> <permission android:name="android.permission.INTERACT_ACROSS_USERS_FULL" android:protectionLevel="signature|installer|telephony" /> <uses-permission android:name="android.permission.INTERACT_ACROSS_USERS_FULL" /> <!-- Allows interaction across profiles in the same profile group. --> <permission android:name="android.permission.INTERACT_ACROSS_PROFILES" Loading services/core/java/com/android/server/pm/LauncherAppsService.java +5 −0 Original line number Diff line number Diff line Loading @@ -16,6 +16,7 @@ package com.android.server.pm; import android.Manifest.permission; import android.annotation.NonNull; import android.annotation.UserIdInt; import android.app.ActivityManager; Loading Loading @@ -305,6 +306,10 @@ public class LauncherAppsService extends SystemService { final int callingUserId = injectCallingUserId(); if (targetUserId == callingUserId) return true; if (mContext.checkCallingOrSelfPermission(permission.INTERACT_ACROSS_USERS_FULL) == PackageManager.PERMISSION_GRANTED) { return true; } long ident = injectClearCallingIdentity(); try { Loading Loading
core/java/android/content/pm/LauncherApps.java +8 −3 Original line number Diff line number Diff line Loading @@ -16,6 +16,7 @@ package android.content.pm; import static android.Manifest.permission; import android.annotation.CallbackExecutor; import android.annotation.IntDef; import android.annotation.NonNull; Loading Loading @@ -601,11 +602,15 @@ public class LauncherApps { } /** * Show an error log on logcat, when the calling user is a managed profile, and the target * user is different from the calling user, in order to help developers to detect it. * Show an error log on logcat, when the calling user is a managed profile, the target * user is different from the calling user, and it is not called from a package that has the * {@link permission.INTERACT_ACROSS_USERS_FULL} permission, in order to help * developers to detect it. */ private void logErrorForInvalidProfileAccess(@NonNull UserHandle target) { if (UserHandle.myUserId() != target.getIdentifier() && mUserManager.isManagedProfile()) { if (UserHandle.myUserId() != target.getIdentifier() && mUserManager.isManagedProfile() && mContext.checkSelfPermission(permission.INTERACT_ACROSS_USERS_FULL) != PackageManager.PERMISSION_GRANTED) { Log.w(TAG, "Accessing other profiles/users from managed profile is no longer allowed."); } } Loading
core/res/AndroidManifest.xml +1 −0 Original line number Diff line number Diff line Loading @@ -2376,6 +2376,7 @@ @hide --> <permission android:name="android.permission.INTERACT_ACROSS_USERS_FULL" android:protectionLevel="signature|installer|telephony" /> <uses-permission android:name="android.permission.INTERACT_ACROSS_USERS_FULL" /> <!-- Allows interaction across profiles in the same profile group. --> <permission android:name="android.permission.INTERACT_ACROSS_PROFILES" Loading
services/core/java/com/android/server/pm/LauncherAppsService.java +5 −0 Original line number Diff line number Diff line Loading @@ -16,6 +16,7 @@ package com.android.server.pm; import android.Manifest.permission; import android.annotation.NonNull; import android.annotation.UserIdInt; import android.app.ActivityManager; Loading Loading @@ -305,6 +306,10 @@ public class LauncherAppsService extends SystemService { final int callingUserId = injectCallingUserId(); if (targetUserId == callingUserId) return true; if (mContext.checkCallingOrSelfPermission(permission.INTERACT_ACROSS_USERS_FULL) == PackageManager.PERMISSION_GRANTED) { return true; } long ident = injectClearCallingIdentity(); try { Loading
