diff options
| -rw-r--r-- | core/java/android/content/pm/UserProperties.java | 12 | ||||
| -rw-r--r-- | services/core/java/com/android/server/pm/UserManagerService.java | 7 |
2 files changed, 10 insertions, 9 deletions
diff --git a/core/java/android/content/pm/UserProperties.java b/core/java/android/content/pm/UserProperties.java index 1a82e4d78b11..b345d507050a 100644 --- a/core/java/android/content/pm/UserProperties.java +++ b/core/java/android/content/pm/UserProperties.java @@ -114,7 +114,7 @@ public final class UserProperties implements Parcelable { public UserProperties(UserProperties orig, boolean exposeAllFields, boolean hasManagePermission, - boolean hasQueryPermission) { + boolean hasQueryOrManagePermission) { if (orig.mDefaultProperties == null) { throw new IllegalArgumentException("Attempting to copy a non-original UserProperties."); @@ -122,17 +122,19 @@ public final class UserProperties implements Parcelable { this.mDefaultProperties = null; + // Insert each setter into the following hierarchy based on its permission requirements. // NOTE: Copy each property using getters to ensure default values are copied if needed. if (exposeAllFields) { + // Add items that require exposeAllFields to be true (strictest permission level). setStartWithParent(orig.getStartWithParent()); } if (hasManagePermission) { - // Add any items that require this permission. + // Add items that require MANAGE_USERS or stronger. } - if (hasQueryPermission) { - // Add any items that require this permission. + if (hasQueryOrManagePermission) { + // Add items that require QUERY_USERS or stronger. } - // Add any items that require no permissions at all. + // Add items that have no permission requirements at all. setShowInLauncher(orig.getShowInLauncher()); } diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java index 0a89d131eda2..2a250074330a 100644 --- a/services/core/java/com/android/server/pm/UserManagerService.java +++ b/services/core/java/com/android/server/pm/UserManagerService.java @@ -1540,10 +1540,9 @@ public class UserManagerService extends IUserManager.Stub { checkQueryOrInteractPermissionIfCallerInOtherProfileGroup(userId, "getUserProperties"); final UserProperties origProperties = getUserPropertiesInternal(userId); if (origProperties != null) { - int callingUid = Binder.getCallingUid(); - boolean exposeAllFields = callingUid == Process.SYSTEM_UID; - boolean hasManage = hasPermissionGranted(Manifest.permission.MANAGE_USERS, callingUid); - boolean hasQuery = hasPermissionGranted(Manifest.permission.QUERY_USERS, callingUid); + boolean exposeAllFields = Binder.getCallingUid() == Process.SYSTEM_UID; + boolean hasManage = hasManageUsersPermission(); + boolean hasQuery = hasQueryUsersPermission(); return new UserProperties(origProperties, exposeAllFields, hasManage, hasQuery); } // A non-existent or partial user will reach here. |