diff options
| author | 2024-12-05 12:13:45 -0800 | |
|---|---|---|
| committer | 2024-12-05 12:17:58 -0800 | |
| commit | 4fbb5919e2a26f94b11233e30d4c19bdc3cd5b01 (patch) | |
| tree | 2c2332a9ca1704c1e608f4a9b3d8bbeec92a56aa | |
| parent | 769838e9a9d864bc64fd88a2c8bdd47e1b90007b (diff) | |
Ensure cross-user roles are not available for private space profile/user
Relnote: N/A
Flag: com.android.permission.flags.cross_user_role_enabled
Bug: 382514430
Test: atest RoleManagerMultiUserTest
Change-Id: I78abf982c1c633db366fb4951f3ff6fde8c6612c
| -rw-r--r-- | PermissionController/role-controller/java/com/android/role/controller/model/Role.java | 6 | ||||
| -rw-r--r-- | tests/cts/rolemultiuser/src/android/app/rolemultiuser/cts/RoleManagerMultiUserTest.kt | 19 |
2 files changed, 25 insertions, 0 deletions
diff --git a/PermissionController/role-controller/java/com/android/role/controller/model/Role.java b/PermissionController/role-controller/java/com/android/role/controller/model/Role.java index c551c37dc..c4ed99be1 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/model/Role.java +++ b/PermissionController/role-controller/java/com/android/role/controller/model/Role.java @@ -472,6 +472,12 @@ public class Role { if (!isAvailableByFeatureFlagAndSdkVersion()) { return false; } + + if (getExclusivity() == EXCLUSIVITY_PROFILE_GROUP + && UserUtils.isPrivateProfile(user, context)) { + return false; + } + if (mBehavior != null) { boolean isAvailableAsUser = mBehavior.isAvailableAsUser(this, user, context); // Ensure that cross-user role is only available if also available for diff --git a/tests/cts/rolemultiuser/src/android/app/rolemultiuser/cts/RoleManagerMultiUserTest.kt b/tests/cts/rolemultiuser/src/android/app/rolemultiuser/cts/RoleManagerMultiUserTest.kt index 80507d0c8..134f45131 100644 --- a/tests/cts/rolemultiuser/src/android/app/rolemultiuser/cts/RoleManagerMultiUserTest.kt +++ b/tests/cts/rolemultiuser/src/android/app/rolemultiuser/cts/RoleManagerMultiUserTest.kt @@ -77,6 +77,25 @@ class RoleManagerMultiUserTest { @RequireFlagsEnabled(com.android.permission.flags.Flags.FLAG_CROSS_USER_ROLE_ENABLED) @EnsureHasPermission(INTERACT_ACROSS_USERS_FULL, MANAGE_ROLE_HOLDERS) + @EnsureHasWorkProfile(installInstrumentedApp = OptionalBoolean.TRUE) + @EnsureHasPrivateProfile(installInstrumentedApp = OptionalBoolean.TRUE) + @RequireRunOnPrimaryUser + @Test + @Throws(Exception::class) + fun isAvailableAsUserForProfileGroupExclusiveRole() { + val workProfileRoleManager = getRoleManagerForUser(deviceState.workProfile().userHandle()) + val privateProfileRoleManager = + getRoleManagerForUser(deviceState.privateProfile().userHandle()) + + assertThat(roleManager.isRoleAvailable(PROFILE_GROUP_EXCLUSIVITY_ROLE_NAME)).isTrue() + assertThat(workProfileRoleManager.isRoleAvailable(PROFILE_GROUP_EXCLUSIVITY_ROLE_NAME)) + .isTrue() + assertThat(privateProfileRoleManager.isRoleAvailable(PROFILE_GROUP_EXCLUSIVITY_ROLE_NAME)) + .isFalse() + } + + @RequireFlagsEnabled(com.android.permission.flags.Flags.FLAG_CROSS_USER_ROLE_ENABLED) + @EnsureHasPermission(INTERACT_ACROSS_USERS_FULL, MANAGE_ROLE_HOLDERS) @Test @Throws(Exception::class) fun cannotGetActiveUserForNonCrossUserRole() { |