Merge "Check flags for user in SoftRestrictedPermPolicy" into qt-dev

2019-06-18 02:59:17 +00:00
parent 702c5199f9 69b645ff5b
commit 674e1600c9
3 changed files with 7 additions and 4 deletions
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -2129,7 +2129,7 @@ public class PermissionManagerService {
        }

        if (bp.isSoftRestricted() && !SoftRestrictedPermissionPolicy.forPermission(mContext,
-                pkg.applicationInfo, permName).canBeGranted()) {
+                pkg.applicationInfo, UserHandle.of(userId), permName).canBeGranted()) {
            Log.e(TAG, "Cannot grant soft restricted permission " + permName + " for package "
                    + packageName);
            return;
--- a/services/core/java/com/android/server/policy/PermissionPolicyService.java
+++ b/services/core/java/com/android/server/policy/PermissionPolicyService.java
@@ -414,7 +414,7 @@ public final class PermissionPolicyService extends SystemService {
            } else if (permissionInfo.isSoftRestricted()) {
                final SoftRestrictedPermissionPolicy policy =
                        SoftRestrictedPermissionPolicy.forPermission(mContext, pkg.applicationInfo,
-                                permission);
+                                mContext.getUser(), permission);

                if (opCode != OP_NONE) {
                    if (policy.canBeGranted()) {
--- a/services/core/java/com/android/server/policy/SoftRestrictedPermissionPolicy.java
+++ b/services/core/java/com/android/server/policy/SoftRestrictedPermissionPolicy.java
@@ -33,6 +33,7 @@ import android.app.AppOpsManager;
 import android.content.Context;
 import android.content.pm.ApplicationInfo;
 import android.os.Build;
+import android.os.UserHandle;

 /**
 * The behavior of soft restricted permissions is different for each permission. This class collects
@@ -75,12 +76,14 @@ public abstract class SoftRestrictedPermissionPolicy {
     *
     * @param context A context to use
     * @param appInfo The application the permission belongs to
+     * @param user The user the app belongs to
     * @param permission The name of the permission
     *
     * @return The policy for this permission
     */
    public static @NonNull SoftRestrictedPermissionPolicy forPermission(@NonNull Context context,
-            @NonNull ApplicationInfo appInfo, @NonNull String permission) {
+            @NonNull ApplicationInfo appInfo, @NonNull UserHandle user,
+            @NonNull String permission) {
        switch (permission) {
            // Storage uses a special app op to decide the mount state and supports soft restriction
            // where the restricted state allows the permission but only for accessing the medial
@@ -88,7 +91,7 @@ public abstract class SoftRestrictedPermissionPolicy {
            case READ_EXTERNAL_STORAGE:
            case WRITE_EXTERNAL_STORAGE: {
                int flags = context.getPackageManager().getPermissionFlags(
-                        permission, appInfo.packageName, context.getUser());
+                        permission, appInfo.packageName, user);
                boolean applyRestriction = (flags & FLAG_PERMISSION_APPLY_RESTRICTION) != 0;
                boolean isWhiteListed = (flags & FLAGS_PERMISSION_RESTRICTION_ANY_EXEMPT) != 0;
                boolean hasRequestedLegacyExternalStorage =