author Adam Bookatz <bookatz@google.com> 2022-10-21 14:42:25 -0700
committer Adam Bookatz <bookatz@google.com> 2022-10-21 14:53:17 -0700
commit6d410f10e860b5de880c7b2e84d29b78f287ce6c (patch)
treea8ec348c3ae3c266d4c9eaee4dc69f4f4eb616b2
parent9d8f4ade3dbc2f61983720cac2087d8bf4c05a78 (diff)
getUserPropertiesCopy handles Query/Manage perms
getUserPropertiesCopy should use the standard way of querying whether a caller has Query or Manage users permission. In particular, a caller that has Manage should be treated as though it has Query as well, which this cl will ensure. Some variable names and comments are updated to make this clearer. Test: atest UserManagerServiceUserPropertiesTest Change-Id: I6ba312b27e6ab47498a03ecac6c1ffd6f60442e8
-rw-r--r--core/java/android/content/pm/UserProperties.java12
-rw-r--r--services/core/java/com/android/server/pm/UserManagerService.java7
2 files changed, 10 insertions, 9 deletions
diff --git a/core/java/android/content/pm/UserProperties.java b/core/java/android/content/pm/UserProperties.java
index 1a82e4d78b11..b345d507050a 100644
--- a/core/java/android/content/pm/UserProperties.java
+++ b/core/java/android/content/pm/UserProperties.java
@@ -114,7 +114,7 @@ public final class UserProperties implements Parcelable {
public UserProperties(UserProperties orig,
boolean exposeAllFields,
boolean hasManagePermission,
- boolean hasQueryPermission) {
+ boolean hasQueryOrManagePermission) {
if (orig.mDefaultProperties == null) {
throw new IllegalArgumentException("Attempting to copy a non-original UserProperties.");
@@ -122,17 +122,19 @@ public final class UserProperties implements Parcelable {
this.mDefaultProperties = null;
+ // Insert each setter into the following hierarchy based on its permission requirements.
// NOTE: Copy each property using getters to ensure default values are copied if needed.
if (exposeAllFields) {
+ // Add items that require exposeAllFields to be true (strictest permission level).
setStartWithParent(orig.getStartWithParent());
}
if (hasManagePermission) {
- // Add any items that require this permission.
+ // Add items that require MANAGE_USERS or stronger.
}
- if (hasQueryPermission) {
- // Add any items that require this permission.
+ if (hasQueryOrManagePermission) {
+ // Add items that require QUERY_USERS or stronger.
}
- // Add any items that require no permissions at all.
+ // Add items that have no permission requirements at all.
setShowInLauncher(orig.getShowInLauncher());
}
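Review bot: The new comments describe a hierarchy ("MANAGE_USERS or stronger", "QUERY_USERS or stronger"), but the three `if` blocks test independent booleans, so the ordering holds only if every caller passes flags that imply one another. A setter later placed under `hasManagePermission` would be skipped for a caller that passes `exposeAllFields` as true and `hasManagePermission` as false; the failure is closed (the field is withheld, not leaked) but silent. Either state the required implication in the constructor's Javadoc or make it structural at the top of the body, e.g. `hasManagePermission |= exposeAllFields;` followed by `hasQueryOrManagePermission |= hasManagePermission;`. The constructor begins above this hunk, so its existing Javadoc is not visible here.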
diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index 0a89d131eda2..2a250074330a 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java
@@ -1540,10 +1540,9 @@ public class UserManagerService extends IUserManager.Stub {
checkQueryOrInteractPermissionIfCallerInOtherProfileGroup(userId, "getUserProperties");
final UserProperties origProperties = getUserPropertiesInternal(userId);
if (origProperties != null) {
- int callingUid = Binder.getCallingUid();
- boolean exposeAllFields = callingUid == Process.SYSTEM_UID;
- boolean hasManage = hasPermissionGranted(Manifest.permission.MANAGE_USERS, callingUid);
- boolean hasQuery = hasPermissionGranted(Manifest.permission.QUERY_USERS, callingUid);
+ boolean exposeAllFields = Binder.getCallingUid() == Process.SYSTEM_UID;
+ boolean hasManage = hasManageUsersPermission();
+ boolean hasQuery = hasQueryUsersPermission();
return new UserProperties(origProperties, exposeAllFields, hasManage, hasQuery);
}
// A non-existent or partial user will reach here.
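Review bot: The local `hasQuery` is now passed to a constructor parameter named `hasQueryOrManagePermission`, so the name at the call site understates what the value grants; `boolean hasQueryOrManage = hasQueryUsersPermission();` would keep the two in step. Whether `hasQueryUsersPermission()` returns true for a caller holding only MANAGE_USERS is defined outside this hunk, so a short comment on that line stating the assumption (`// true for QUERY_USERS or MANAGE_USERS holders`) would help the next reader. The three adjacent boolean arguments are positional and easy to transpose, which makes matching names more valuable here. The enclosing method begins above the hunk and continues below it.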