diff options
| -rw-r--r-- | api/current.txt | 2 | ||||
| -rw-r--r-- | api/system-current.txt | 1 | ||||
| -rw-r--r-- | core/java/android/os/UserManager.java | 33 | ||||
| -rw-r--r-- | services/core/java/com/android/server/pm/UserManagerService.java | 2 |
4 files changed, 34 insertions, 4 deletions
diff --git a/api/current.txt b/api/current.txt index 6278179bc120..2cf1f44ebb6c 100644 --- a/api/current.txt +++ b/api/current.txt @@ -35506,7 +35506,7 @@ package android.os { method public String getUserName(); method public java.util.List<android.os.UserHandle> getUserProfiles(); method public android.os.Bundle getUserRestrictions(); - method public android.os.Bundle getUserRestrictions(android.os.UserHandle); + method @RequiresPermission(anyOf={"android.permission.MANAGE_USERS", "android.permission.INTERACT_ACROSS_USERS"}, conditional=true) public android.os.Bundle getUserRestrictions(android.os.UserHandle); method public boolean hasUserRestriction(String); method public boolean isDemoUser(); method public boolean isQuietModeEnabled(android.os.UserHandle); diff --git a/api/system-current.txt b/api/system-current.txt index 1b431a2f4800..02ef14e478b1 100644 --- a/api/system-current.txt +++ b/api/system-current.txt @@ -5691,6 +5691,7 @@ package android.os { method @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public java.util.List<android.os.UserManager.EnforcingUser> getUserRestrictionSources(String, android.os.UserHandle); method @RequiresPermission(allOf={android.Manifest.permission.READ_PHONE_STATE, android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.INTERACT_ACROSS_USERS}, conditional=true) public int getUserSwitchability(); method public boolean hasRestrictedProfiles(); + method @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.INTERACT_ACROSS_USERS}, conditional=true) public boolean hasUserRestrictionForUser(@NonNull String, @NonNull android.os.UserHandle); method @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public boolean isAdminUser(); method @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public boolean isGuestUser(); method @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public boolean isManagedProfile(); diff --git a/core/java/android/os/UserManager.java b/core/java/android/os/UserManager.java index b7a3c8f2f3be..3476b18ceee0 100644 --- a/core/java/android/os/UserManager.java +++ b/core/java/android/os/UserManager.java @@ -1909,7 +1909,14 @@ public class UserManager { * Returns the user-wide restrictions imposed on the user specified by <code>userHandle</code>. * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. * @return a Bundle containing all the restrictions. + * + * <p>Requires {@code android.permission.MANAGE_USERS} or + * {@code android.permission.INTERACT_ACROSS_USERS}, otherwise specified {@link UserHandle user} + * must be the calling user or a managed profile associated with it. */ + @RequiresPermission(anyOf = { + android.Manifest.permission.MANAGE_USERS, + android.Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) public Bundle getUserRestrictions(UserHandle userHandle) { try { return mService.getUserRestrictions(userHandle.getIdentifier()); @@ -2000,7 +2007,7 @@ public class UserManager { * @return {@code true} if the current user has the given restriction, {@code false} otherwise. */ public boolean hasUserRestriction(String restrictionKey) { - return hasUserRestriction(restrictionKey, Process.myUserHandle()); + return hasUserRestrictionForUser(restrictionKey, Process.myUserHandle()); } /** @@ -2012,9 +2019,29 @@ public class UserManager { */ @UnsupportedAppUsage public boolean hasUserRestriction(String restrictionKey, UserHandle userHandle) { + return hasUserRestrictionForUser(restrictionKey, userHandle); + } + + /** + * Returns whether the given user has been disallowed from performing certain actions + * or setting certain settings. + * @param restrictionKey the string key representing the restriction + * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. + * + * <p>Requires {@code android.permission.MANAGE_USERS} or + * {@code android.permission.INTERACT_ACROSS_USERS}, otherwise specified {@link UserHandle user} + * must be the calling user or a managed profile associated with it. + * + * @hide + */ + @SystemApi + @RequiresPermission(anyOf = { + android.Manifest.permission.MANAGE_USERS, + android.Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) + public boolean hasUserRestrictionForUser(@NonNull String restrictionKey, + @NonNull UserHandle userHandle) { try { - return mService.hasUserRestriction(restrictionKey, - userHandle.getIdentifier()); + return mService.hasUserRestriction(restrictionKey, userHandle.getIdentifier()); } catch (RemoteException re) { throw re.rethrowFromSystemServer(); } diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java index fe371250ac17..5c9b9c93e4fe 100644 --- a/services/core/java/com/android/server/pm/UserManagerService.java +++ b/services/core/java/com/android/server/pm/UserManagerService.java @@ -1593,6 +1593,7 @@ public class UserManagerService extends IUserManager.Stub { /** @return a specific user restriction that's in effect currently. */ @Override public boolean hasUserRestriction(String restrictionKey, @UserIdInt int userId) { + checkManageOrInteractPermIfCallerInOtherProfileGroup(userId, "hasUserRestriction"); return mLocalService.hasUserRestriction(restrictionKey, userId); } @@ -1717,6 +1718,7 @@ public class UserManagerService extends IUserManager.Stub { */ @Override public Bundle getUserRestrictions(@UserIdInt int userId) { + checkManageOrInteractPermIfCallerInOtherProfileGroup(userId, "getUserRestrictions"); return UserRestrictionsUtils.clone(getEffectiveUserRestrictions(userId)); } |