diff options
| author | 2024-11-28 01:01:59 +0000 | |
|---|---|---|
| committer | 2024-11-28 04:22:23 +0000 | |
| commit | c39032e4a1a3f3362da9416f51b57488834e5bf2 (patch) | |
| tree | 7cce17dce4afb6efbf8a2e3a3dde6045d99fc6e7 | |
| parent | df04cbc109205779390282d4aabfe2f37acd400e (diff) | |
Enforce profileExclusive available on full user
Ensure that profileGroup exclusive role is only available if also available for the profile-group's full user
LOW_COVERAGE_REASON=FLAG_NOT_ENABLED
Relnote: N/A
Flag: com.android.permission.flags.cross_user_role_enabled
Bug: 376133070
Test: manual
Change-Id: Id3f6ae8a8702edf371cd63b8b34e894b5ac5fc86
| -rw-r--r-- | PermissionController/role-controller/java/com/android/role/controller/model/Role.java | 15 | ||||
| -rw-r--r-- | PermissionController/role-controller/java/com/android/role/controller/util/UserUtils.java | 21 |
2 files changed, 33 insertions, 3 deletions
diff --git a/PermissionController/role-controller/java/com/android/role/controller/model/Role.java b/PermissionController/role-controller/java/com/android/role/controller/model/Role.java index 0a04e2764..48bc34b8f 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/model/Role.java +++ b/PermissionController/role-controller/java/com/android/role/controller/model/Role.java @@ -472,10 +472,19 @@ public class Role { if (!isAvailableByFeatureFlagAndSdkVersion()) { return false; } - // TODO(b/376133070): ensure that cross-user role is only available if also available for - // the profile-group's full user if (mBehavior != null) { - return mBehavior.isAvailableAsUser(this, user, context); + boolean isAvailableAsUser = mBehavior.isAvailableAsUser(this, user, context); + // Ensure that cross-user role is only available if also available for + // the profile-group's full user + if (isAvailableAsUser && getExclusivity() == EXCLUSIVITY_PROFILE_GROUP) { + UserHandle profileParent = UserUtils.getProfileParentOrSelf(user, context); + if (!Objects.equals(profileParent, user) + && !mBehavior.isAvailableAsUser(this, profileParent, context)) { + throw new IllegalArgumentException("Role is not available for profile parent: " + + profileParent.getIdentifier()); + } + } + return isAvailableAsUser; } return true; } diff --git a/PermissionController/role-controller/java/com/android/role/controller/util/UserUtils.java b/PermissionController/role-controller/java/com/android/role/controller/util/UserUtils.java index 1b6926ef8..f3cb7926a 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/util/UserUtils.java +++ b/PermissionController/role-controller/java/com/android/role/controller/util/UserUtils.java @@ -24,6 +24,7 @@ import android.os.UserHandle; import android.os.UserManager; import androidx.annotation.NonNull; +import androidx.annotation.Nullable; import com.android.modules.utils.build.SdkLevel; @@ -111,4 +112,24 @@ public final class UserUtils { return context.createContextAsUser(user, 0); } } + + /** + * Returns the parent of a given user, or user if it has no parent (e.g. it is the primary + * user) + */ + @NonNull + public static UserHandle getProfileParentOrSelf(@NonNull UserHandle user, + @NonNull Context context) { + UserHandle profileParent = getProfileParent(user, context); + // If profile parent user is null, then original user is the parent + return profileParent != null ? profileParent : user; + } + + /** Returns the parent of a given user. */ + @Nullable + private static UserHandle getProfileParent(UserHandle user, @NonNull Context context) { + Context userContext = getUserContext(context, user); + UserManager userManager = userContext.getSystemService(UserManager.class); + return userManager.getProfileParent(user); + } } |