From 627d4db7030344a2cc66c30cbf56676e4d274917 Mon Sep 17 00:00:00 2001 From: Mehdi Alizadeh Date: Mon, 4 Feb 2019 13:52:03 -0800 Subject: Enforce MANAGE_APP_PREDICTIONS on hasShareTargets ShortcutManager#hasShareTargets() is used in ShareSheet, which is moving out of system process. So we need to annotate hasShareTargets as systemApi and enforce permission on the caller. Bug: 123779604 Test: atest ShortcutManagerTest1 Change-Id: Ib2352f0e8600b0e792405af5b9b61b380c050d28 --- api/system-current.txt | 1 + core/java/android/content/pm/ShortcutManager.java | 1 + services/core/java/com/android/server/pm/ShortcutService.java | 3 ++- .../src/com/android/server/pm/ShortcutManagerTest1.java | 9 +++++++++ 4 files changed, 13 insertions(+), 1 deletion(-) diff --git a/api/system-current.txt b/api/system-current.txt index c831522f1286..c2ae24fcee95 100644 --- a/api/system-current.txt +++ b/api/system-current.txt @@ -1713,6 +1713,7 @@ package android.content.pm { public class ShortcutManager { method @NonNull public java.util.List getShareTargets(@NonNull android.content.IntentFilter); + method public boolean hasShareTargets(@NonNull String); } public static final class ShortcutManager.ShareShortcutInfo implements android.os.Parcelable { diff --git a/core/java/android/content/pm/ShortcutManager.java b/core/java/android/content/pm/ShortcutManager.java index 849fd03eacb3..bd327b0be874 100644 --- a/core/java/android/content/pm/ShortcutManager.java +++ b/core/java/android/content/pm/ShortcutManager.java @@ -644,6 +644,7 @@ public class ShortcutManager { * @return True if the package has any share target definitions, False otherwise. * @hide */ + @SystemApi public boolean hasShareTargets(@NonNull String packageName) { try { return mService.hasShareTargets(mContext.getPackageName(), packageName, diff --git a/services/core/java/com/android/server/pm/ShortcutService.java b/services/core/java/com/android/server/pm/ShortcutService.java index ff6d7a888950..9deea9ec8622 100644 --- a/services/core/java/com/android/server/pm/ShortcutService.java +++ b/services/core/java/com/android/server/pm/ShortcutService.java @@ -2173,7 +2173,8 @@ public class ShortcutService extends IShortcutService.Stub { public boolean hasShareTargets(String packageName, String packageToCheck, @UserIdInt int userId) { verifyCaller(packageName, userId); - enforceSystem(); + enforceCallingOrSelfPermission(android.Manifest.permission.MANAGE_APP_PREDICTIONS, + "hasShareTargets"); synchronized (mLock) { throwIfUserLockedL(userId); diff --git a/services/tests/servicestests/src/com/android/server/pm/ShortcutManagerTest1.java b/services/tests/servicestests/src/com/android/server/pm/ShortcutManagerTest1.java index 76beb8f99c18..7e6b7da4a058 100644 --- a/services/tests/servicestests/src/com/android/server/pm/ShortcutManagerTest1.java +++ b/services/tests/servicestests/src/com/android/server/pm/ShortcutManagerTest1.java @@ -6286,6 +6286,15 @@ public class ShortcutManagerTest1 extends BaseShortcutManagerTest { mManager.getShareTargets(filter); } + public void testHasShareTargets_permission() { + assertExpectException(SecurityException.class, "Missing permission", () -> + mManager.hasShareTargets(CALLING_PACKAGE_1)); + + // Has permission, now it should pass. + mCallerPermissions.add(permission.MANAGE_APP_PREDICTIONS); + mManager.hasShareTargets(CALLING_PACKAGE_1); + } + public void testDumpsys_crossProfile() { prepareCrossProfileDataSet(); dumpsysOnLogcat("test1", /* force= */ true); -- cgit v1.2.3-59-g8ed1b