
Commit e6c4630b authored by Automerger Merge Worker Committed by Android (Google) Code Review

Merge "Merge "Avoid A11y features blocked by IT admin can be allowed to bind...

Merge "Merge "Avoid A11y features blocked by IT admin can be allowed to bind at the system level" into udc-dev am: 223802d6 am: 8cb6780e"
parents d1722c68 94e8587f
+28 −22
@@ -2277,6 +2277,15 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub
            }
            if (userState.mEnabledServices.contains(componentName)
                    && !mUiAutomationManager.suppressingAccessibilityServicesLocked()) {
                // Skip the enabling service disallowed by device admin policy.
                if (!isAccessibilityTargetAllowed(componentName.getPackageName(),
                        installedService.getResolveInfo().serviceInfo.applicationInfo.uid,
                        userState.mUserId)) {
                    Slog.d(LOG_TAG, "Skipping enabling service disallowed by device admin policy: "
                            + componentName);
                    disableAccessibilityServiceLocked(componentName, userState.mUserId);
                    continue;
                }
                if (service == null) {
                    service = new AccessibilityServiceConnection(userState, mContext, componentName,
                            installedService, sIdCounter++, mMainHandler, mLock, mSecurityPolicy,
@@ -3889,11 +3898,9 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub
        }
    }

    @Override
    @RequiresPermission(anyOf = {
            android.Manifest.permission.MANAGE_USERS,
            android.Manifest.permission.QUERY_ADMIN_POLICY})
    public boolean isAccessibilityTargetAllowed(String packageName, int uid, int userId) {
        final long identity = Binder.clearCallingIdentity();
        try {
            final DevicePolicyManager dpm = mContext.getSystemService(DevicePolicyManager.class);
            final List<String> permittedServices = dpm.getPermittedAccessibilityServices(userId);

@@ -3909,12 +3916,11 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub
                return !ecmEnabled || mode == AppOpsManager.MODE_ALLOWED;
            }
            return false;
        } finally {
            Binder.restoreCallingIdentity(identity);
        }
    }

    @Override
    @RequiresPermission(anyOf = {
            android.Manifest.permission.MANAGE_USERS,
            android.Manifest.permission.QUERY_ADMIN_POLICY})
    public boolean sendRestrictedDialogIntent(String packageName, int uid, int userId) {
        // The accessibility service is allowed. Don't show the restricted dialog.
        if (isAccessibilityTargetAllowed(packageName, uid, userId)) {
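Review bot: The new guard in the service-binding loop logs "disallowed by device admin policy", but isAccessibilityTargetAllowed() as shown can also return false from its app-op branch (`return !ecmEnabled || mode == AppOpsManager.MODE_ALLOWED;`, presumably the restricted-settings check), so a service turned off for that reason is recorded with the wrong cause. Because this branch disables a service the user had enabled, I would log it at warning level with a neutral reason, e.g. `Slog.w(LOG_TAG, "Disabling service not allowed by admin policy or app-op restriction: " + componentName);`, so the enforcement can be attributed when a device is audited. The guard also calls into DevicePolicyManager from what the `...Locked` callee name suggests is a section holding the service lock. A one-line comment stating the lock-order assumption would help, since the DevicePolicyManagerService part of this commit moves its AccessibilityManager call out of its own lock to avoid a deadlock. The enclosing loop and method start outside the hunk.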
+20 −19
@@ -11779,6 +11779,20 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
        final CallerIdentity caller = getCallerIdentity();
        Preconditions.checkCallAuthorization(canManageUsers(caller) || canQueryAdminPolicy(caller));
        // Move AccessibilityManager out of lock to prevent potential deadlock
        final List<AccessibilityServiceInfo> installedServices;
        long id = mInjector.binderClearCallingIdentity();
        try {
            UserInfo user = getUserInfo(userId);
            if (user.isManagedProfile()) {
                userId = user.profileGroupId;
            }
            installedServices = withAccessibilityManager(userId,
                    AccessibilityManager::getInstalledAccessibilityServiceList);
        } finally {
            mInjector.binderRestoreCallingIdentity(id);
        }
        synchronized (getLockObject()) {
            List<String> result = null;
            // If we have multiple profiles we return the intersection of the
@@ -11805,16 +11819,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
            // If we have a permitted list add all system accessibility services.
            if (result != null) {
                long id = mInjector.binderClearCallingIdentity();
                try {
                    UserInfo user = getUserInfo(userId);
                    if (user.isManagedProfile()) {
                        userId = user.profileGroupId;
                    }
                    final List<AccessibilityServiceInfo> installedServices =
                            withAccessibilityManager(userId,
                                    AccessibilityManager::getInstalledAccessibilityServiceList);
                if (installedServices != null) {
                    for (AccessibilityServiceInfo service : installedServices) {
                        ServiceInfo serviceInfo = service.getResolveInfo().serviceInfo;
@@ -11824,9 +11828,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                        }
                    }
                }
                } finally {
                    mInjector.binderRestoreCallingIdentity(id);
                }
            }
            return result;