diff options
| -rw-r--r-- | PermissionController/role-controller/java/com/android/role/controller/model/Role.java | 15 | ||||
| -rw-r--r-- | PermissionController/role-controller/java/com/android/role/controller/util/UserUtils.java | 21 |
2 files changed, 33 insertions, 3 deletions
diff --git a/PermissionController/role-controller/java/com/android/role/controller/model/Role.java b/PermissionController/role-controller/java/com/android/role/controller/model/Role.java index 0a04e2764..48bc34b8f 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/model/Role.java +++ b/PermissionController/role-controller/java/com/android/role/controller/model/Role.java @@ -472,10 +472,19 @@ public class Role { if (!isAvailableByFeatureFlagAndSdkVersion()) { return false; } - // TODO(b/376133070): ensure that cross-user role is only available if also available for - // the profile-group's full user if (mBehavior != null) { - return mBehavior.isAvailableAsUser(this, user, context); + boolean isAvailableAsUser = mBehavior.isAvailableAsUser(this, user, context); + // Ensure that cross-user role is only available if also available for + // the profile-group's full user + if (isAvailableAsUser && getExclusivity() == EXCLUSIVITY_PROFILE_GROUP) { + UserHandle profileParent = UserUtils.getProfileParentOrSelf(user, context); + if (!Objects.equals(profileParent, user) + && !mBehavior.isAvailableAsUser(this, profileParent, context)) { + throw new IllegalArgumentException("Role is not available for profile parent: " + + profileParent.getIdentifier()); + } + } + return isAvailableAsUser; } return true; } diff --git a/PermissionController/role-controller/java/com/android/role/controller/util/UserUtils.java b/PermissionController/role-controller/java/com/android/role/controller/util/UserUtils.java index 1b6926ef8..f3cb7926a 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/util/UserUtils.java +++ b/PermissionController/role-controller/java/com/android/role/controller/util/UserUtils.java @@ -24,6 +24,7 @@ import android.os.UserHandle; import android.os.UserManager; import androidx.annotation.NonNull; +import androidx.annotation.Nullable; import com.android.modules.utils.build.SdkLevel; @@ -111,4 +112,24 @@ public final class UserUtils { return context.createContextAsUser(user, 0); } } + + /** + * Returns the parent of a given user, or user if it has no parent (e.g. it is the primary + * user) + */ + @NonNull + public static UserHandle getProfileParentOrSelf(@NonNull UserHandle user, + @NonNull Context context) { + UserHandle profileParent = getProfileParent(user, context); + // If profile parent user is null, then original user is the parent + return profileParent != null ? profileParent : user; + } + + /** Returns the parent of a given user. */ + @Nullable + private static UserHandle getProfileParent(UserHandle user, @NonNull Context context) { + Context userContext = getUserContext(context, user); + UserManager userManager = userContext.getSystemService(UserManager.class); + return userManager.getProfileParent(user); + } } |