diff options
| author | 2024-12-06 18:09:54 +0000 | |
|---|---|---|
| committer | 2024-12-06 18:09:54 +0000 | |
| commit | eb90cd06b2852be0b24dc6a2c5569ca10de72bc3 (patch) | |
| tree | ef25bae6cffebdadd1ca9503f281f625d0080759 | |
| parent | be4c76d7141ea4627e3ee3fbf645f4ac33b26e04 (diff) | |
| parent | 4fbb5919e2a26f94b11233e30d4c19bdc3cd5b01 (diff) | |
Merge "Ensure cross-user roles are not available for private space profile/user" into main
| -rw-r--r-- | PermissionController/role-controller/java/com/android/role/controller/model/Role.java | 6 | ||||
| -rw-r--r-- | tests/cts/rolemultiuser/src/android/app/rolemultiuser/cts/RoleManagerMultiUserTest.kt | 19 |
2 files changed, 25 insertions, 0 deletions
diff --git a/PermissionController/role-controller/java/com/android/role/controller/model/Role.java b/PermissionController/role-controller/java/com/android/role/controller/model/Role.java index e2af00982..02fa0d455 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/model/Role.java +++ b/PermissionController/role-controller/java/com/android/role/controller/model/Role.java @@ -472,6 +472,12 @@ public class Role { if (!isAvailableByFeatureFlagAndSdkVersion()) { return false; } + + if (getExclusivity() == EXCLUSIVITY_PROFILE_GROUP + && UserUtils.isPrivateProfile(user, context)) { + return false; + } + if (mBehavior != null) { boolean isAvailableAsUser = mBehavior.isAvailableAsUser(this, user, context); // Ensure that cross-user role is only available if also available for diff --git a/tests/cts/rolemultiuser/src/android/app/rolemultiuser/cts/RoleManagerMultiUserTest.kt b/tests/cts/rolemultiuser/src/android/app/rolemultiuser/cts/RoleManagerMultiUserTest.kt index 80507d0c8..134f45131 100644 --- a/tests/cts/rolemultiuser/src/android/app/rolemultiuser/cts/RoleManagerMultiUserTest.kt +++ b/tests/cts/rolemultiuser/src/android/app/rolemultiuser/cts/RoleManagerMultiUserTest.kt @@ -77,6 +77,25 @@ class RoleManagerMultiUserTest { @RequireFlagsEnabled(com.android.permission.flags.Flags.FLAG_CROSS_USER_ROLE_ENABLED) @EnsureHasPermission(INTERACT_ACROSS_USERS_FULL, MANAGE_ROLE_HOLDERS) + @EnsureHasWorkProfile(installInstrumentedApp = OptionalBoolean.TRUE) + @EnsureHasPrivateProfile(installInstrumentedApp = OptionalBoolean.TRUE) + @RequireRunOnPrimaryUser + @Test + @Throws(Exception::class) + fun isAvailableAsUserForProfileGroupExclusiveRole() { + val workProfileRoleManager = getRoleManagerForUser(deviceState.workProfile().userHandle()) + val privateProfileRoleManager = + getRoleManagerForUser(deviceState.privateProfile().userHandle()) + + assertThat(roleManager.isRoleAvailable(PROFILE_GROUP_EXCLUSIVITY_ROLE_NAME)).isTrue() + assertThat(workProfileRoleManager.isRoleAvailable(PROFILE_GROUP_EXCLUSIVITY_ROLE_NAME)) + .isTrue() + assertThat(privateProfileRoleManager.isRoleAvailable(PROFILE_GROUP_EXCLUSIVITY_ROLE_NAME)) + .isFalse() + } + + @RequireFlagsEnabled(com.android.permission.flags.Flags.FLAG_CROSS_USER_ROLE_ENABLED) + @EnsureHasPermission(INTERACT_ACROSS_USERS_FULL, MANAGE_ROLE_HOLDERS) @Test @Throws(Exception::class) fun cannotGetActiveUserForNonCrossUserRole() { |