Ensure calling user is the same as requested user.

This prevents any cross-user requests. Cross-user requests are already not allowed, but due to a bug elsewhere in the code. This intentionally handles the case and also throws a SecurityException. Bug: 193903221 Test: presubmit Test: manually checked cross-user requests get an exception. Change-Id: I5bd867b86b972452daa2d8253f3c19f059a8a4b3
2021-07-16 13:03:19 -07:00
parent 5235bc493d
commit 3ce6aba403
1 changed files with 4 additions and 22 deletions
--- a/apex/appsearch/service/java/com/android/server/appsearch/AppSearchManagerService.java
+++ b/apex/appsearch/service/java/com/android/server/appsearch/AppSearchManagerService.java
@@ -18,7 +18,6 @@ package com.android.server.appsearch;
 import static android.app.appsearch.AppSearchResult.throwableToFailedResult;
 import static android.os.Process.INVALID_UID;

-import android.Manifest;
 import android.annotation.ElapsedRealtimeLong;
 import android.annotation.NonNull;
 import android.app.appsearch.AppSearchBatchResult;
@@ -1354,43 +1353,26 @@ public class AppSearchManagerService extends SystemService {
    /**
     * Helper for dealing with incoming user arguments to system service calls.
     *
-     * <p>Takes care of checking permissions and converting USER_CURRENT to the actual current user.
-     *
     * @param requestedUser The user which the caller is requesting to execute as.
     * @param callingUid The actual uid of the caller as determined by Binder.
     * @return the user handle that the call should run as. Will always be a concrete user.
     */
    @NonNull
    private UserHandle handleIncomingUser(@NonNull UserHandle requestedUser, int callingUid) {
-        int callingPid = Binder.getCallingPid();
        UserHandle callingUser = UserHandle.getUserHandleForUid(callingUid);
        if (callingUser.equals(requestedUser)) {
            return requestedUser;
        }
+
        // Duplicates UserController#ensureNotSpecialUser
        if (requestedUser.getIdentifier() < 0) {
            throw new IllegalArgumentException(
                    "Call does not support special user " + requestedUser);
        }
-        boolean canInteractAcrossUsers = mContext.checkPermission(
-                Manifest.permission.INTERACT_ACROSS_USERS,
-                callingPid,
-                callingUid) == PackageManager.PERMISSION_GRANTED;
-        if (!canInteractAcrossUsers) {
-            canInteractAcrossUsers = mContext.checkPermission(
-                    Manifest.permission.INTERACT_ACROSS_USERS_FULL,
-                    callingPid,
-                    callingUid) == PackageManager.PERMISSION_GRANTED;
-        }
-        if (canInteractAcrossUsers) {
-            return requestedUser;
-        }
+
        throw new SecurityException(
-                "Permission denied while calling from uid " + callingUid
-                        + " with " + requestedUser + "; Need to run as either the calling user ("
-                        + callingUser + "), or with one of the following permissions: "
-                        + Manifest.permission.INTERACT_ACROSS_USERS + " or "
-                        + Manifest.permission.INTERACT_ACROSS_USERS_FULL);
+                "Requested user, " + requestedUser + ", is not the same as the calling user, "
+                        + callingUser + ".");
    }

    /**