Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6f080505 authored by Yvonne Jiang's avatar Yvonne Jiang
Browse files

Fix the SYSTEM_UID check in ConfirmSupervisionCredentialsActivity. 

Previously it was directly comparing the uid instead of extracting the app id, which doesn't work outside of user 0 (isn't multi-user aware).

Bug: 392961554
Flag: android.app.supervision.flags.enable_supervision_settings_screen
Test: atest ConfirmSupervisionCredentialsActivityTest
Change-Id: If9fe1073785406a5140def81a161816ce051ddbb
parent 29cfa492

src/com/android/settings/supervision/ConfirmSupervisionCredentialsActivity.kt

+6 −7
Original line number Diff line number Diff line
@@ -32,6 +32,7 @@ import android.os.Binder 
import android.os.Bundle

import android.os.CancellationSignal

import android.os.Process

import android.os.UserHandle

import android.util.Log

import androidx.activity.result.contract.ActivityResultContracts

import androidx.annotation.OpenForTesting
@@ -99,7 +100,9 @@ open class ConfirmSupervisionCredentialsActivity : FragmentActivity() { 
    public override fun onCreate(savedInstanceState: Bundle?) {

        super.onCreate(savedInstanceState)

        if (!callerHasSupervisionRole() && !callerIsSystemUid()) {

            errorHandler()

            errorHandler(

                "Calling uid ${Binder.getCallingUid()} is not supervision role holder or SYSTEM_UID."

            )

            return

        }
@@ -177,11 +180,7 @@ open class ConfirmSupervisionCredentialsActivity : FragmentActivity() { 


    private fun callerIsSystemUid(): Boolean {

        val callingUid = Binder.getCallingUid()

        if (callingUid != Process.SYSTEM_UID) {

            Log.w(TAG, "callingUid: $callingUid is not SYSTEM_UID")

            return false

        }

        return true

        return UserHandle.getAppId(callingUid) == Process.SYSTEM_UID

    }



    @RequiresPermission(anyOf = [INTERACT_ACROSS_USERS_FULL, MANAGE_USERS])
@@ -198,7 +197,7 @@ open class ConfirmSupervisionCredentialsActivity : FragmentActivity() { 
    }



    private fun errorHandler(errStr: String? = null) {

        errStr?.let { Log.w(TAG, it) }

        errStr?.let { Log.e(TAG, it) }

        setResult(RESULT_CANCELED)

        finish()

    }

tests/robotests/src/com/android/settings/supervision/ConfirmSupervisionCredentialsActivityTest.kt

+3 −1
Original line number Diff line number Diff line
@@ -125,7 +125,9 @@ class ConfirmSupervisionCredentialsActivityTest { 
    @Test

    @Config(sdk = [Build.VERSION_CODES.BAKLAVA])

    fun onCreate_callerIsSystemUid_doesNotFinish() {

        ShadowBinder.setCallingUid(Process.SYSTEM_UID)

        ShadowBinder.setCallingUid(

            UserHandle.getUid(/* userId= */ 2, /* appId= */ Process.SYSTEM_UID)

        )

        mockUserManager.stub { on { users } doReturn listOf(SUPERVISING_USER_INFO) }

        mockActivityManager.stub { on { startProfile(any()) } doReturn true }

        mockKeyguardManager.stub { on { isDeviceSecure(SUPERVISING_USER_ID) } doReturn true }