diff --git a/core/java/android/content/pm/CrossProfileApps.java b/core/java/android/content/pm/CrossProfileApps.java
index edc20d9f65ad6..25f0ff3cd4118 100644
--- a/core/java/android/content/pm/CrossProfileApps.java
+++ b/core/java/android/content/pm/CrossProfileApps.java
@@ -316,14 +316,21 @@ public class CrossProfileApps {
*
* If other changes could have affected the app's ability to interact across profiles, as
* defined by the return value of {@link #canInteractAcrossProfiles()}, such as changes to the
- * admin or OEM consent whitelists, then {@link
- * #resetInteractAcrossProfilesAppOpsIfInvalid(List)} should be used.
+ * admin or OEM consent whitelists, then {@link #resetInteractAcrossProfilesAppOps(Collection,
+ * Set)} should be used.
+ *
+ *
If the caller does not have the {@link android.Manifest.permission
+ * #CONFIGURE_INTERACT_ACROSS_PROFILES} permission, then they must have the permissions that
+ * would have been required to call {@link android.app.AppOpsManager#setMode(int, int, String,
+ * int)}, which includes {@link android.Manifest.permission#MANAGE_APP_OPS_MODES}.
+ *
+ *
Also requires either {@link android.Manifest.permission#INTERACT_ACROSS_USERS} or {@link
+ * android.Manifest.permission#INTERACT_ACROSS_USERS_FULL}.
*
* @hide
*/
@RequiresPermission(
- allOf={android.Manifest.permission.MANAGE_APP_OPS_MODES,
- android.Manifest.permission.UPDATE_APP_OPS_STATS,
+ allOf={android.Manifest.permission.CONFIGURE_INTERACT_ACROSS_PROFILES,
android.Manifest.permission.INTERACT_ACROSS_USERS})
public void setInteractAcrossProfilesAppOp(@NonNull String packageName, @Mode int newMode) {
try {
@@ -360,11 +367,18 @@ public class CrossProfileApps {
* have changed as a result of non-user actions, such as changes to admin or OEM consent
* whitelists.
*
+ *
If the caller does not have the {@link android.Manifest.permission
+ * #CONFIGURE_INTERACT_ACROSS_PROFILES} permission, then they must have the permissions that
+ * would have been required to call {@link android.app.AppOpsManager#setMode(int, int, String,
+ * int)}, which includes {@link android.Manifest.permission#MANAGE_APP_OPS_MODES}.
+ *
+ *
Also requires either {@link android.Manifest.permission#INTERACT_ACROSS_USERS} or {@link
+ * android.Manifest.permission#INTERACT_ACROSS_USERS_FULL}.
+ *
* @hide
*/
@RequiresPermission(
- allOf={android.Manifest.permission.MANAGE_APP_OPS_MODES,
- android.Manifest.permission.UPDATE_APP_OPS_STATS,
+ allOf={android.Manifest.permission.CONFIGURE_INTERACT_ACROSS_PROFILES,
android.Manifest.permission.INTERACT_ACROSS_USERS})
public void resetInteractAcrossProfilesAppOps(
@NonNull Collection previousCrossProfilePackages,
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index ff696715e94db..437aae7f46c5d 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -2381,6 +2381,12 @@
+
+
+
diff --git a/data/etc/privapp-permissions-platform.xml b/data/etc/privapp-permissions-platform.xml
index f83fb3f312e92..76def66efb4e5 100644
--- a/data/etc/privapp-permissions-platform.xml
+++ b/data/etc/privapp-permissions-platform.xml
@@ -70,6 +70,7 @@ applications that come with the platform
+
diff --git a/services/core/java/com/android/server/pm/CrossProfileAppsServiceImpl.java b/services/core/java/com/android/server/pm/CrossProfileAppsServiceImpl.java
index 74d2efeceb633..ad037bc092455 100644
--- a/services/core/java/com/android/server/pm/CrossProfileAppsServiceImpl.java
+++ b/services/core/java/com/android/server/pm/CrossProfileAppsServiceImpl.java
@@ -56,6 +56,8 @@ import android.util.Slog;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.app.IAppOpsService;
import com.android.internal.util.ArrayUtils;
+import com.android.internal.util.FunctionalUtils.ThrowingRunnable;
+import com.android.internal.util.FunctionalUtils.ThrowingSupplier;
import com.android.server.LocalServices;
import com.android.server.appop.AppOpsService;
import com.android.server.wm.ActivityTaskManagerInternal;
@@ -276,19 +278,14 @@ public class CrossProfileAppsServiceImpl extends ICrossProfileApps.Stub {
}
private boolean isCrossProfilePackageWhitelisted(String packageName) {
- final long ident = mInjector.clearCallingIdentity();
- try {
- return mInjector.getDevicePolicyManagerInternal()
- .getAllCrossProfilePackages().contains(packageName);
- } finally {
- mInjector.restoreCallingIdentity(ident);
- }
+ return mInjector.withCleanCallingIdentity(() ->
+ mInjector.getDevicePolicyManagerInternal()
+ .getAllCrossProfilePackages().contains(packageName));
}
private List getTargetUserProfilesUnchecked(
String packageName, @UserIdInt int userId) {
- final long ident = mInjector.clearCallingIdentity();
- try {
+ return mInjector.withCleanCallingIdentity(() -> {
final int[] enabledProfileIds =
mInjector.getUserManager().getEnabledProfileIds(userId);
@@ -303,15 +300,12 @@ public class CrossProfileAppsServiceImpl extends ICrossProfileApps.Stub {
targetProfiles.add(UserHandle.of(profileId));
}
return targetProfiles;
- } finally {
- mInjector.restoreCallingIdentity(ident);
- }
+ });
}
private boolean isPackageEnabled(String packageName, @UserIdInt int userId) {
final int callingUid = mInjector.getCallingUid();
- final long ident = mInjector.clearCallingIdentity();
- try {
+ return mInjector.withCleanCallingIdentity(() -> {
final PackageInfo info = mInjector.getPackageManagerInternal()
.getPackageInfo(
packageName,
@@ -319,15 +313,12 @@ public class CrossProfileAppsServiceImpl extends ICrossProfileApps.Stub {
callingUid,
userId);
return info != null && info.applicationInfo.enabled;
- } finally {
- mInjector.restoreCallingIdentity(ident);
- }
+ });
}
private void verifyActivityCanHandleIntent(
Intent launchIntent, int callingUid, @UserIdInt int userId) {
- final long ident = mInjector.clearCallingIdentity();
- try {
+ mInjector.withCleanCallingIdentity(() -> {
final List activities =
mInjector.getPackageManagerInternal().queryIntentActivities(
launchIntent,
@@ -340,9 +331,7 @@ public class CrossProfileAppsServiceImpl extends ICrossProfileApps.Stub {
return;
}
throw new SecurityException("Activity cannot handle intent");
- } finally {
- mInjector.restoreCallingIdentity(ident);
- }
+ });
}
/**
@@ -351,8 +340,7 @@ public class CrossProfileAppsServiceImpl extends ICrossProfileApps.Stub {
*/
private void verifyActivityCanHandleIntentAndExported(
Intent launchIntent, ComponentName component, int callingUid, @UserIdInt int userId) {
- final long ident = mInjector.clearCallingIdentity();
- try {
+ mInjector.withCleanCallingIdentity(() -> {
final List apps =
mInjector.getPackageManagerInternal().queryIntentActivities(
launchIntent,
@@ -371,9 +359,7 @@ public class CrossProfileAppsServiceImpl extends ICrossProfileApps.Stub {
}
throw new SecurityException("Attempt to launch activity without "
+ " category Intent.CATEGORY_LAUNCHER or activity is not exported" + component);
- } finally {
- mInjector.restoreCallingIdentity(ident);
- }
+ });
}
@Override
@@ -385,7 +371,13 @@ public class CrossProfileAppsServiceImpl extends ICrossProfileApps.Stub {
"INTERACT_ACROSS_USERS or INTERACT_ACROSS_USERS_FULL is required to set the"
+ " app-op for interacting across profiles.");
}
- final int callingUserId = mInjector.getCallingUserId();
+ if (!isPermissionGranted(Manifest.permission.MANAGE_APP_OPS_MODES, callingUid)
+ && !isPermissionGranted(
+ Manifest.permission.CONFIGURE_INTERACT_ACROSS_PROFILES, callingUid)) {
+ throw new SecurityException(
+ "MANAGE_APP_OPS_MODES or CONFIGURE_INTERACT_ACROSS_PROFILES is required to set"
+ + " the app-op for interacting across profiles.");
+ }
if (newMode == AppOpsManager.MODE_ALLOWED
&& !canConfigureInteractAcrossProfiles(packageName)) {
// The user should not be prompted for apps that cannot request to interact across
@@ -395,7 +387,8 @@ public class CrossProfileAppsServiceImpl extends ICrossProfileApps.Stub {
return;
}
final int[] profileIds =
- mInjector.getUserManager().getProfileIds(callingUserId, /* enabledOnly= */ false);
+ mInjector.getUserManager()
+ .getProfileIds(mInjector.getCallingUserId(), /* enabledOnly= */ false);
for (int profileId : profileIds) {
if (!isPackageInstalled(packageName, profileId)) {
continue;
@@ -406,8 +399,7 @@ public class CrossProfileAppsServiceImpl extends ICrossProfileApps.Stub {
private boolean isPackageInstalled(String packageName, @UserIdInt int userId) {
final int callingUid = mInjector.getCallingUid();
- final long identity = mInjector.clearCallingIdentity();
- try {
+ return mInjector.withCleanCallingIdentity(() -> {
final PackageInfo info =
mInjector.getPackageManagerInternal()
.getPackageInfo(
@@ -416,9 +408,7 @@ public class CrossProfileAppsServiceImpl extends ICrossProfileApps.Stub {
callingUid,
userId);
return info != null;
- } finally {
- mInjector.restoreCallingIdentity(identity);
- }
+ });
}
private void setInteractAcrossProfilesAppOpForUser(
@@ -440,19 +430,31 @@ public class CrossProfileAppsServiceImpl extends ICrossProfileApps.Stub {
+ packageName + " on user ID " + userId);
return;
}
- mInjector.getAppOpsManager()
- .setMode(OP_INTERACT_ACROSS_PROFILES,
- uid,
- packageName,
- newMode);
+ final int callingUid = mInjector.getCallingUid();
+ if (isPermissionGranted(
+ Manifest.permission.CONFIGURE_INTERACT_ACROSS_PROFILES, callingUid)) {
+ // Clear calling identity since the CONFIGURE_INTERACT_ACROSS_PROFILES permission allows
+ // this particular app-op to be modified without the broader app-op permissions.
+ mInjector.withCleanCallingIdentity(() ->
+ mInjector.getAppOpsManager()
+ .setMode(OP_INTERACT_ACROSS_PROFILES, uid, packageName, newMode));
+ } else {
+ mInjector.getAppOpsManager()
+ .setMode(OP_INTERACT_ACROSS_PROFILES, uid, packageName, newMode);
+ }
sendCanInteractAcrossProfilesChangedBroadcast(packageName, uid, UserHandle.of(userId));
}
+ /**
+ * Returns whether the given app-op mode is equivalent to the currently-set app-op of the given
+ * package name and UID. Clears identity to avoid permission checks, so ensure the caller does
+ * any necessary permission checks.
+ */
private boolean currentModeEquals(@Mode int otherMode, String packageName, int uid) {
final String op =
AppOpsManager.permissionToOp(Manifest.permission.INTERACT_ACROSS_PROFILES);
- return otherMode ==
- mInjector.getAppOpsManager().unsafeCheckOpNoThrow(op, uid, packageName);
+ return mInjector.withCleanCallingIdentity(() -> otherMode
+ == mInjector.getAppOpsManager().unsafeCheckOpNoThrow(op, uid, packageName));
}
private void sendCanInteractAcrossProfilesChangedBroadcast(
@@ -493,8 +495,7 @@ public class CrossProfileAppsServiceImpl extends ICrossProfileApps.Stub {
}
private boolean hasOtherProfileWithPackageInstalled(String packageName, @UserIdInt int userId) {
- final long ident = mInjector.clearCallingIdentity();
- try {
+ return mInjector.withCleanCallingIdentity(() -> {
final int[] profileIds =
mInjector.getUserManager().getProfileIds(userId, /* enabledOnly= */ false);
for (int profileId : profileIds) {
@@ -502,10 +503,8 @@ public class CrossProfileAppsServiceImpl extends ICrossProfileApps.Stub {
return true;
}
}
- } finally {
- mInjector.restoreCallingIdentity(ident);
- }
- return false;
+ return false;
+ });
}
@Override
@@ -525,12 +524,8 @@ public class CrossProfileAppsServiceImpl extends ICrossProfileApps.Stub {
}
private boolean isSameProfileGroup(@UserIdInt int callerUserId, @UserIdInt int userId) {
- final long ident = mInjector.clearCallingIdentity();
- try {
- return mInjector.getUserManager().isSameProfileGroup(callerUserId, userId);
- } finally {
- mInjector.restoreCallingIdentity(ident);
- }
+ return mInjector.withCleanCallingIdentity(() ->
+ mInjector.getUserManager().isSameProfileGroup(callerUserId, userId));
}
/**
@@ -560,42 +555,62 @@ public class CrossProfileAppsServiceImpl extends ICrossProfileApps.Stub {
mContext = context;
}
+ @Override
public int getCallingUid() {
return Binder.getCallingUid();
}
+ @Override
public int getCallingPid() {
return Binder.getCallingPid();
}
+ @Override
public int getCallingUserId() {
return UserHandle.getCallingUserId();
}
+ @Override
public UserHandle getCallingUserHandle() {
return Binder.getCallingUserHandle();
}
+ @Override
public long clearCallingIdentity() {
return Binder.clearCallingIdentity();
}
+ @Override
public void restoreCallingIdentity(long token) {
Binder.restoreCallingIdentity(token);
}
+ @Override
+ public void withCleanCallingIdentity(ThrowingRunnable action) {
+ Binder.withCleanCallingIdentity(action);
+ }
+
+ @Override
+ public final T withCleanCallingIdentity(ThrowingSupplier action) {
+ return Binder.withCleanCallingIdentity(action);
+ }
+
+ @Override
public UserManager getUserManager() {
return mContext.getSystemService(UserManager.class);
}
+ @Override
public PackageManagerInternal getPackageManagerInternal() {
return LocalServices.getService(PackageManagerInternal.class);
}
+ @Override
public PackageManager getPackageManager() {
return mContext.getPackageManager();
}
+ @Override
public AppOpsManager getAppOpsManager() {
return mContext.getSystemService(AppOpsManager.class);
}
@@ -646,6 +661,10 @@ public class CrossProfileAppsServiceImpl extends ICrossProfileApps.Stub {
void restoreCallingIdentity(long token);
+ void withCleanCallingIdentity(ThrowingRunnable action);
+
+ T withCleanCallingIdentity(ThrowingSupplier action);
+
UserManager getUserManager();
PackageManagerInternal getPackageManagerInternal();
diff --git a/services/robotests/src/com/android/server/pm/CrossProfileAppsServiceImplRoboTest.java b/services/robotests/src/com/android/server/pm/CrossProfileAppsServiceImplRoboTest.java
index 1a7b1d3f6039c..6190802d033d7 100644
--- a/services/robotests/src/com/android/server/pm/CrossProfileAppsServiceImplRoboTest.java
+++ b/services/robotests/src/com/android/server/pm/CrossProfileAppsServiceImplRoboTest.java
@@ -55,6 +55,8 @@ import android.platform.test.annotations.Presubmit;
import androidx.test.core.app.ApplicationProvider;
+import com.android.internal.util.FunctionalUtils.ThrowingRunnable;
+import com.android.internal.util.FunctionalUtils.ThrowingSupplier;
import com.android.server.LocalServices;
import com.android.server.testing.shadows.ShadowApplicationPackageManager;
import com.android.server.testing.shadows.ShadowUserManager;
@@ -190,6 +192,8 @@ public class CrossProfileAppsServiceImplRoboTest {
public void grantPermissions() {
grantPermissions(
Manifest.permission.MANAGE_APP_OPS_MODES,
+ Manifest.permission.UPDATE_APP_OPS_STATS,
+ Manifest.permission.CONFIGURE_INTERACT_ACROSS_PROFILES,
Manifest.permission.INTERACT_ACROSS_USERS,
Manifest.permission.INTERACT_ACROSS_USERS_FULL);
}
@@ -212,10 +216,27 @@ public class CrossProfileAppsServiceImplRoboTest {
explicitlySetInteractAcrossProfilesAppOp(WORK_PROFILE_UID, defaultMode);
}
+ @Test
+ public void setInteractAcrossProfilesAppOp_noPermissions_throwsSecurityException() {
+ denyPermissions(
+ Manifest.permission.MANAGE_APP_OPS_MODES,
+ Manifest.permission.UPDATE_APP_OPS_STATS,
+ Manifest.permission.CONFIGURE_INTERACT_ACROSS_PROFILES,
+ Manifest.permission.INTERACT_ACROSS_USERS,
+ Manifest.permission.INTERACT_ACROSS_USERS_FULL);
+ try {
+ mCrossProfileAppsServiceImpl.setInteractAcrossProfilesAppOp(
+ CROSS_PROFILE_APP_PACKAGE_NAME, MODE_ALLOWED);
+ fail();
+ } catch (SecurityException expected) {}
+ }
+
@Test
public void setInteractAcrossProfilesAppOp_missingInteractAcrossUsersAndFull_throwsSecurityException() {
- denyPermissions(Manifest.permission.INTERACT_ACROSS_USERS);
- denyPermissions(Manifest.permission.INTERACT_ACROSS_USERS_FULL);
+ denyPermissions(
+ Manifest.permission.INTERACT_ACROSS_USERS,
+ Manifest.permission.INTERACT_ACROSS_USERS_FULL);
+ grantPermissions(Manifest.permission.CONFIGURE_INTERACT_ACROSS_PROFILES);
try {
mCrossProfileAppsServiceImpl.setInteractAcrossProfilesAppOp(
CROSS_PROFILE_APP_PACKAGE_NAME, MODE_ALLOWED);
@@ -230,9 +251,39 @@ public class CrossProfileAppsServiceImplRoboTest {
assertThat(getCrossProfileAppOp()).isEqualTo(MODE_ALLOWED);
}
+ @Test
+ public void setInteractAcrossProfilesAppOp_configureInteractAcrossProfilesPermissionWithoutAppOpsPermissions_setsAppOp() {
+ denyPermissions(
+ Manifest.permission.MANAGE_APP_OPS_MODES,
+ Manifest.permission.UPDATE_APP_OPS_STATS);
+ grantPermissions(
+ Manifest.permission.CONFIGURE_INTERACT_ACROSS_PROFILES,
+ Manifest.permission.INTERACT_ACROSS_USERS);
+
+ mCrossProfileAppsServiceImpl.setInteractAcrossProfilesAppOp(
+ CROSS_PROFILE_APP_PACKAGE_NAME, MODE_ALLOWED);
+
+ assertThat(getCrossProfileAppOp()).isEqualTo(MODE_ALLOWED);
+ }
+
+ @Test
+ public void setInteractAcrossProfilesAppOp_appOpsPermissionsWithoutConfigureInteractAcrossProfilesPermission_setsAppOp() {
+ denyPermissions(Manifest.permission.CONFIGURE_INTERACT_ACROSS_PROFILES);
+ grantPermissions(
+ Manifest.permission.MANAGE_APP_OPS_MODES,
+ Manifest.permission.UPDATE_APP_OPS_STATS,
+ Manifest.permission.INTERACT_ACROSS_USERS);
+
+ mCrossProfileAppsServiceImpl.setInteractAcrossProfilesAppOp(
+ CROSS_PROFILE_APP_PACKAGE_NAME, MODE_ALLOWED);
+
+ assertThat(getCrossProfileAppOp()).isEqualTo(MODE_ALLOWED);
+ }
+
@Test
public void setInteractAcrossProfilesAppOp_setsAppOpWithUsersAndWithoutFull() {
denyPermissions(Manifest.permission.INTERACT_ACROSS_USERS_FULL);
+ grantPermissions(Manifest.permission.INTERACT_ACROSS_USERS);
mCrossProfileAppsServiceImpl.setInteractAcrossProfilesAppOp(
CROSS_PROFILE_APP_PACKAGE_NAME, MODE_ALLOWED);
assertThat(getCrossProfileAppOp()).isEqualTo(MODE_ALLOWED);
@@ -241,6 +292,7 @@ public class CrossProfileAppsServiceImplRoboTest {
@Test
public void setInteractAcrossProfilesAppOp_setsAppOpWithFullAndWithoutUsers() {
denyPermissions(Manifest.permission.INTERACT_ACROSS_USERS);
+ grantPermissions(Manifest.permission.INTERACT_ACROSS_USERS_FULL);
mCrossProfileAppsServiceImpl.setInteractAcrossProfilesAppOp(
CROSS_PROFILE_APP_PACKAGE_NAME, MODE_ALLOWED);
assertThat(getCrossProfileAppOp()).isEqualTo(MODE_ALLOWED);
@@ -478,6 +530,16 @@ public class CrossProfileAppsServiceImplRoboTest {
@Override
public void restoreCallingIdentity(long token) {}
+ @Override
+ public void withCleanCallingIdentity(ThrowingRunnable action) {
+ action.run();
+ }
+
+ @Override
+ public T withCleanCallingIdentity(ThrowingSupplier action) {
+ return action.get();
+ }
+
@Override
public UserManager getUserManager() {
return mUserManager;
diff --git a/services/tests/servicestests/src/com/android/server/pm/CrossProfileAppsServiceImplTest.java b/services/tests/servicestests/src/com/android/server/pm/CrossProfileAppsServiceImplTest.java
index 91cc9f35da1e8..ef87e55742759 100644
--- a/services/tests/servicestests/src/com/android/server/pm/CrossProfileAppsServiceImplTest.java
+++ b/services/tests/servicestests/src/com/android/server/pm/CrossProfileAppsServiceImplTest.java
@@ -35,6 +35,8 @@ import android.os.UserManager;
import android.platform.test.annotations.Presubmit;
import android.util.SparseArray;
+import com.android.internal.util.FunctionalUtils.ThrowingRunnable;
+import com.android.internal.util.FunctionalUtils.ThrowingSupplier;
import com.android.server.wm.ActivityTaskManagerInternal;
import org.junit.Before;
@@ -573,6 +575,16 @@ public class CrossProfileAppsServiceImplTest {
public void restoreCallingIdentity(long token) {
}
+ @Override
+ public void withCleanCallingIdentity(ThrowingRunnable action) {
+ action.run();
+ }
+
+ @Override
+ public T withCleanCallingIdentity(ThrowingSupplier action) {
+ return action.get();
+ }
+
@Override
public UserManager getUserManager() {
return mUserManager;