From f5e0e80312e1b9c99e36f3775a5da2b8b93fd3de Mon Sep 17 00:00:00 2001 From: kholoud mohamed Date: Tue, 4 May 2021 16:33:54 +0100 Subject: Changed INTERACT_ACROSS_PROFILES appop to be set per UID In some cases, enforceCrossUserOrProfilePermission fails for packages which have INTERACT_ACROSS_PROFILE appop granted if it shares the uid with another package that doesn't hold the permission, this is because getPackagesForUid is used to get the callingPackage which could return either packages randomly. I've changed setting the appop to be per uid instead of per package, Test: manual testing Bug: 183188804 Bug: 183730243 Bug: 195630721 Change-Id: I7a72c1d3abd1f83924865326797630ded2f2040f Merged-In: I7a72c1d3abd1f83924865326797630ded2f2040f (cherry picked from commit 4670d1d855a853852980148d99b190171db4ec79) --- .../server/pm/CrossProfileAppsServiceImpl.java | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/services/core/java/com/android/server/pm/CrossProfileAppsServiceImpl.java b/services/core/java/com/android/server/pm/CrossProfileAppsServiceImpl.java index 3e9e45e59b95..c3733c4c12fb 100644 --- a/services/core/java/com/android/server/pm/CrossProfileAppsServiceImpl.java +++ b/services/core/java/com/android/server/pm/CrossProfileAppsServiceImpl.java @@ -482,16 +482,16 @@ public class CrossProfileAppsServiceImpl extends ICrossProfileApps.Stub { // this particular app-op to be modified without the broader app-op permissions. mInjector.withCleanCallingIdentity(() -> mInjector.getAppOpsManager() - .setMode(OP_INTERACT_ACROSS_PROFILES, uid, packageName, newMode)); + .setUidMode(OP_INTERACT_ACROSS_PROFILES, uid, newMode)); } else { mInjector.getAppOpsManager() - .setMode(OP_INTERACT_ACROSS_PROFILES, uid, packageName, newMode); + .setUidMode(OP_INTERACT_ACROSS_PROFILES, uid, newMode); } // Kill the UID before sending the broadcast to ensure that apps can be informed when // their app-op has been revoked. maybeKillUid(packageName, uid, hadPermission); - sendCanInteractAcrossProfilesChangedBroadcast(packageName, uid, UserHandle.of(profileId)); - maybeLogSetInteractAcrossProfilesAppOp(packageName, newMode, logMetrics, uid); + sendCanInteractAcrossProfilesChangedBroadcast(packageName, UserHandle.of(profileId)); + maybeLogSetInteractAcrossProfilesAppOp(packageName, newMode, logMetrics); } /** @@ -509,7 +509,7 @@ public class CrossProfileAppsServiceImpl extends ICrossProfileApps.Stub { } private void maybeLogSetInteractAcrossProfilesAppOp( - String packageName, @Mode int newMode, boolean logMetrics, int uid) { + String packageName, @Mode int newMode, boolean logMetrics) { if (!logMetrics) { return; } @@ -517,7 +517,7 @@ public class CrossProfileAppsServiceImpl extends ICrossProfileApps.Stub { .createEvent(DevicePolicyEnums.SET_INTERACT_ACROSS_PROFILES_APP_OP) .setStrings(packageName) .setInt(newMode) - .setBoolean(appDeclaresCrossProfileAttribute(uid)) + .setBoolean(appDeclaresCrossProfileAttribute(packageName)) .write(); } @@ -533,10 +533,10 @@ public class CrossProfileAppsServiceImpl extends ICrossProfileApps.Stub { } private void sendCanInteractAcrossProfilesChangedBroadcast( - String packageName, int uid, UserHandle userHandle) { + String packageName, UserHandle userHandle) { final Intent intent = new Intent(ACTION_CAN_INTERACT_ACROSS_PROFILES_CHANGED).setPackage(packageName); - if (appDeclaresCrossProfileAttribute(uid)) { + if (appDeclaresCrossProfileAttribute(packageName)) { intent.addFlags( Intent.FLAG_RECEIVER_INCLUDE_BACKGROUND | Intent.FLAG_RECEIVER_FOREGROUND); } else { @@ -553,8 +553,8 @@ public class CrossProfileAppsServiceImpl extends ICrossProfileApps.Stub { .queryBroadcastReceiversAsUser(intent, /* flags= */ 0, userHandle); } - private boolean appDeclaresCrossProfileAttribute(int uid) { - return mInjector.getPackageManagerInternal().getPackage(uid).isCrossProfile(); + private boolean appDeclaresCrossProfileAttribute(String packageName) { + return mInjector.getPackageManagerInternal().getPackage(packageName).isCrossProfile(); } @Override -- cgit v1.2.3-59-g8ed1b