Merge "Lock down access to getProfiles for 3P apps" into nyc-dev
am: d67ac0a
* commit 'd67ac0a9060468973157d76cac01cf35fa722527':
Lock down access to getProfiles for 3P apps
Change-Id: Iecf9c66410656cf9af42f35a78f0a0339db981f9
This commit is contained in:
Fyodor Kupolov
@@ -467,13 +467,16 @@ public class UserManagerService extends IUserManager.Stub {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<UserInfo> getProfiles(int userId, boolean enabledOnly) {
|
public List<UserInfo> getProfiles(int userId, boolean enabledOnly) {
|
||||||
|
boolean returnFullInfo = true;
|
||||||
if (userId != UserHandle.getCallingUserId()) {
|
if (userId != UserHandle.getCallingUserId()) {
|
||||||
checkManageUsersPermission("getting profiles related to user " + userId);
|
checkManageUsersPermission("getting profiles related to user " + userId);
|
||||||
|
} else {
|
||||||
|
returnFullInfo = hasManageUsersPermission();
|
||||||
}
|
}
|
||||||
final long ident = Binder.clearCallingIdentity();
|
final long ident = Binder.clearCallingIdentity();
|
||||||
try {
|
try {
|
||||||
synchronized (mUsersLock) {
|
synchronized (mUsersLock) {
|
||||||
return getProfilesLU(userId, enabledOnly);
|
return getProfilesLU(userId, enabledOnly, returnFullInfo);
|
||||||
}
|
}
|
||||||
} finally {
|
} finally {
|
||||||
Binder.restoreCallingIdentity(ident);
|
Binder.restoreCallingIdentity(ident);
|
||||||
@@ -481,7 +484,7 @@ public class UserManagerService extends IUserManager.Stub {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/** Assume permissions already checked and caller's identity cleared */
|
/** Assume permissions already checked and caller's identity cleared */
|
||||||
private List<UserInfo> getProfilesLU(int userId, boolean enabledOnly) {
|
private List<UserInfo> getProfilesLU(int userId, boolean enabledOnly, boolean fullInfo) {
|
||||||
UserInfo user = getUserInfoLU(userId);
|
UserInfo user = getUserInfoLU(userId);
|
||||||
ArrayList<UserInfo> users = new ArrayList<UserInfo>(mUsers.size());
|
ArrayList<UserInfo> users = new ArrayList<UserInfo>(mUsers.size());
|
||||||
if (user == null) {
|
if (user == null) {
|
||||||
@@ -503,7 +506,14 @@ public class UserManagerService extends IUserManager.Stub {
|
|||||||
if (profile.partial) {
|
if (profile.partial) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
users.add(userWithName(profile));
|
UserInfo userInfo = userWithName(profile);
|
||||||
|
// If full info is not required - clear PII data to prevent 3P apps from reading it
|
||||||
|
if (!fullInfo) {
|
||||||
|
userInfo = new UserInfo(userInfo);
|
||||||
|
userInfo.name = null;
|
||||||
|
userInfo.iconPath = null;
|
||||||
|
}
|
||||||
|
users.add(userInfo);
|
||||||
}
|
}
|
||||||
return users;
|
return users;
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user