diff options
| -rw-r--r-- | core/java/android/content/pm/LauncherApps.java | 11 | ||||
| -rw-r--r-- | core/res/AndroidManifest.xml | 1 | ||||
| -rw-r--r-- | services/core/java/com/android/server/pm/LauncherAppsService.java | 5 |
3 files changed, 14 insertions, 3 deletions
diff --git a/core/java/android/content/pm/LauncherApps.java b/core/java/android/content/pm/LauncherApps.java index cea0b6b5f3ad..88deec7b083a 100644 --- a/core/java/android/content/pm/LauncherApps.java +++ b/core/java/android/content/pm/LauncherApps.java @@ -16,6 +16,7 @@ package android.content.pm; +import static android.Manifest.permission; import android.annotation.CallbackExecutor; import android.annotation.IntDef; import android.annotation.NonNull; @@ -485,11 +486,15 @@ public class LauncherApps { } /** - * Show an error log on logcat, when the calling user is a managed profile, and the target - * user is different from the calling user, in order to help developers to detect it. + * Show an error log on logcat, when the calling user is a managed profile, the target + * user is different from the calling user, and it is not called from a package that has the + * {@link permission.INTERACT_ACROSS_USERS_FULL} permission, in order to help + * developers to detect it. */ private void logErrorForInvalidProfileAccess(@NonNull UserHandle target) { - if (UserHandle.myUserId() != target.getIdentifier() && mUserManager.isManagedProfile()) { + if (UserHandle.myUserId() != target.getIdentifier() && mUserManager.isManagedProfile() + && mContext.checkSelfPermission(permission.INTERACT_ACROSS_USERS_FULL) + != PackageManager.PERMISSION_GRANTED) { Log.w(TAG, "Accessing other profiles/users from managed profile is no longer allowed."); } } diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml index 181a32d06233..6206b57d97b3 100644 --- a/core/res/AndroidManifest.xml +++ b/core/res/AndroidManifest.xml @@ -2377,6 +2377,7 @@ @hide --> <permission android:name="android.permission.INTERACT_ACROSS_USERS_FULL" android:protectionLevel="signature|installer|telephony" /> + <uses-permission android:name="android.permission.INTERACT_ACROSS_USERS_FULL" /> <!-- Allows interaction across profiles in the same profile group. --> <permission android:name="android.permission.INTERACT_ACROSS_PROFILES" diff --git a/services/core/java/com/android/server/pm/LauncherAppsService.java b/services/core/java/com/android/server/pm/LauncherAppsService.java index 7bb782b9fadc..60e8be255e91 100644 --- a/services/core/java/com/android/server/pm/LauncherAppsService.java +++ b/services/core/java/com/android/server/pm/LauncherAppsService.java @@ -16,6 +16,7 @@ package com.android.server.pm; +import android.Manifest.permission; import android.annotation.NonNull; import android.annotation.UserIdInt; import android.app.ActivityManager; @@ -303,6 +304,10 @@ public class LauncherAppsService extends SystemService { final int callingUserId = injectCallingUserId(); if (targetUserId == callingUserId) return true; + if (mContext.checkCallingOrSelfPermission(permission.INTERACT_ACROSS_USERS_FULL) + == PackageManager.PERMISSION_GRANTED) { + return true; + } long ident = injectClearCallingIdentity(); try { |