Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

am bfca5f40: am 266303fd: Merge "Avoid SecurityException when calling getUserData" into lmp-mr1-dev

Browse Source 
automerge: 07b87e5

* commit '07b87e537da3ec658235fe1d874c7dba5b4d696d':
  Avoid SecurityException when calling getUserData
This commit is contained in:
Benjamin Franz
2015-01-23 14:46:31 +00:00
committed by android-build-merger
parent 0db053a33c 07b87e537d
commit cd7b506c19
1 changed files with 42 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
View File

@@ -991,6 +991,25 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
}
}
/**
* Creates and loads the policy data from xml for data that is shared between
* various profiles of a user. In contrast to {@link #getUserData(int)}
* it allows access to data of users other than the calling user.
*
* This function should only be used for shared data, e.g. everything regarding
* passwords and should be removed once multiple screen locks are present.
* @param userHandle the user for whom to load the policy data
* @return
*/
DevicePolicyData getUserDataUnchecked(int userHandle) {
long ident = Binder.clearCallingIdentity();
try {
return getUserData(userHandle);
} finally {
Binder.restoreCallingIdentity(ident);
}
}
void removeUserData(int userHandle) {
synchronized (this) {
if (userHandle == UserHandle.USER_OWNER) {
@@ -1931,7 +1950,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
// Return strictest policy for this user and profiles that are visible from this user.
List<UserInfo> profiles = mUserManager.getProfiles(userHandle);
for (UserInfo userInfo : profiles) {
DevicePolicyData policy = getUserData(userInfo.id);
DevicePolicyData policy = getUserDataUnchecked(userInfo.id);
final int N = policy.mAdminList.size();
for (int i=0; i<N; i++) {
ActiveAdmin admin = policy.mAdminList.get(i);
@@ -1978,7 +1997,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
// Return strictest policy for this user and profiles that are visible from this user.
List<UserInfo> profiles = mUserManager.getProfiles(userHandle);
for (UserInfo userInfo : profiles) {
DevicePolicyData policy = getUserData(userInfo.id);
DevicePolicyData policy = getUserDataUnchecked(userInfo.id);
final int N = policy.mAdminList.size();
for (int i=0; i<N; i++) {
ActiveAdmin admin = policy.mAdminList.get(i);
@@ -2025,7 +2044,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
// Return strictest policy for this user and profiles that are visible from this user.
List<UserInfo> profiles = mUserManager.getProfiles(userHandle);
for (UserInfo userInfo : profiles) {
DevicePolicyData policy = getUserData(userInfo.id);
DevicePolicyData policy = getUserDataUnchecked(userInfo.id);
final int N = policy.mAdminList.size();
for (int i = 0; i < N; i++) {
ActiveAdmin admin = policy.mAdminList.get(i);
@@ -2086,7 +2105,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
List<UserInfo> profiles = mUserManager.getProfiles(userHandle);
for (UserInfo userInfo : profiles) {
DevicePolicyData policy = getUserData(userInfo.id);
DevicePolicyData policy = getUserDataUnchecked(userInfo.id);
final int N = policy.mAdminList.size();
for (int i = 0; i < N; i++) {
ActiveAdmin admin = policy.mAdminList.get(i);
@@ -2184,7 +2203,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
List<UserInfo> profiles = mUserManager.getProfiles(userHandle);
for (UserInfo userInfo : profiles) {
DevicePolicyData policy = getUserData(userInfo.id);
DevicePolicyData policy = getUserDataUnchecked(userInfo.id);
final int N = policy.mAdminList.size();
for (int i = 0; i < N; i++) {
ActiveAdmin admin = policy.mAdminList.get(i);
@@ -2241,7 +2260,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
// Return strictest policy for this user and profiles that are visible from this user.
List<UserInfo> profiles = mUserManager.getProfiles(userHandle);
for (UserInfo userInfo : profiles) {
DevicePolicyData policy = getUserData(userInfo.id);
DevicePolicyData policy = getUserDataUnchecked(userInfo.id);
final int N = policy.mAdminList.size();
for (int i=0; i<N; i++) {
ActiveAdmin admin = policy.mAdminList.get(i);
@@ -2285,7 +2304,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
// Return strictest policy for this user and profiles that are visible from this user.
List<UserInfo> profiles = mUserManager.getProfiles(userHandle);
for (UserInfo userInfo : profiles) {
DevicePolicyData policy = getUserData(userInfo.id);
DevicePolicyData policy = getUserDataUnchecked(userInfo.id);
final int N = policy.mAdminList.size();
for (int i=0; i<N; i++) {
ActiveAdmin admin = policy.mAdminList.get(i);
@@ -2332,7 +2351,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
// Return strictest policy for this user and profiles that are visible from this user.
List<UserInfo> profiles = mUserManager.getProfiles(userHandle);
for (UserInfo userInfo : profiles) {
DevicePolicyData policy = getUserData(userInfo.id);
DevicePolicyData policy = getUserDataUnchecked(userInfo.id);
final int N = policy.mAdminList.size();
for (int i=0; i<N; i++) {
ActiveAdmin admin = policy.mAdminList.get(i);
@@ -2379,7 +2398,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
// Return strictest policy for this user and profiles that are visible from this user.
List<UserInfo> profiles = mUserManager.getProfiles(userHandle);
for (UserInfo userInfo : profiles) {
DevicePolicyData policy = getUserData(userInfo.id);
DevicePolicyData policy = getUserDataUnchecked(userInfo.id);
final int N = policy.mAdminList.size();
for (int i = 0; i < N; i++) {
ActiveAdmin admin = policy.mAdminList.get(i);
@@ -2426,7 +2445,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
// Return strictest policy for this user and profiles that are visible from this user.
List<UserInfo> profiles = mUserManager.getProfiles(userHandle);
for (UserInfo userInfo : profiles) {
DevicePolicyData policy = getUserData(userInfo.id);
DevicePolicyData policy = getUserDataUnchecked(userInfo.id);
final int N = policy.mAdminList.size();
for (int i=0; i<N; i++) {
ActiveAdmin admin = policy.mAdminList.get(i);
@@ -2473,7 +2492,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
// Return strictest policy for this user and profiles that are visible from this user.
List<UserInfo> profiles = mUserManager.getProfiles(userHandle);
for (UserInfo userInfo : profiles) {
DevicePolicyData policy = getUserData(userInfo.id);
DevicePolicyData policy = getUserDataUnchecked(userInfo.id);
final int N = policy.mAdminList.size();
for (int i=0; i<N; i++) {
ActiveAdmin admin = policy.mAdminList.get(i);
@@ -2498,8 +2517,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
// If the user this is called from is part of a profile group, that is the parent
// of the group.
UserInfo parent = getProfileParent(userHandle);
int id = parent == null ? userHandle : parent.id;
DevicePolicyData policy = getUserData(id);
int id = (parent == null) ? userHandle : parent.id;
DevicePolicyData policy = getUserDataUnchecked(id);
// This API can only be called by an active device admin,
// so try to retrieve it to check that the caller is one.
@@ -2529,7 +2548,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
DeviceAdminInfo.USES_POLICY_WATCH_LOGIN);
// The active password is stored in the parent.
DevicePolicyData policy = getUserData(getProfileParent(userHandle).id);
UserInfo parent = getProfileParent(userHandle);
int id = (parent == null) ? userHandle : parent.id;
DevicePolicyData policy = getUserDataUnchecked(id);
return policy.mFailedPasswordAttempts;
}
@@ -2592,7 +2613,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
int count = 0;
ActiveAdmin strictestAdmin = null;
for (UserInfo userInfo : mUserManager.getProfiles(userHandle)) {
DevicePolicyData policy = getUserData(userInfo.id);
DevicePolicyData policy = getUserDataUnchecked(userInfo.id);
for (ActiveAdmin admin : policy.mAdminList) {
if (admin.maximumFailedPasswordsForWipe ==
ActiveAdmin.DEF_MAXIMUM_FAILED_PASSWORDS_FOR_WIPE) {
@@ -2805,7 +2826,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
// Return strictest policy for this user and profiles that are visible from this user.
List<UserInfo> profiles = mUserManager.getProfiles(userHandle);
for (UserInfo userInfo : profiles) {
DevicePolicyData policy = getUserData(userInfo.id);
DevicePolicyData policy = getUserDataUnchecked(userInfo.id);
final int N = policy.mAdminList.size();
for (int i=0; i<N; i++) {
ActiveAdmin admin = policy.mAdminList.get(i);
@@ -3127,7 +3148,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
List<UserInfo> profiles = mUserManager.getProfiles(userHandle);
for (UserInfo userInfo : profiles) {
int profileId = userInfo.id;
DevicePolicyData policy = getUserData(profileId);
DevicePolicyData policy = getUserDataUnchecked(profileId);
final int N = policy.mAdminList.size();
if (N > 0) {
for (int i=0; i<N; i++) {
@@ -4247,7 +4268,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
// and return null.
boolean allAdminsHaveOptions = true;
for (UserInfo userInfo : profiles) {
DevicePolicyData policy = getUserData(userInfo.id);
DevicePolicyData policy = getUserDataUnchecked(userInfo.id);
final int N = policy.mAdminList.size();
for (int i=0; i < N; i++) {
final ActiveAdmin active = policy.mAdminList.get(i);
@@ -4477,7 +4498,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
for (int i = 0; i < PROFILES_SIZE; ++i) {
// Just loop though all admins, only device or profiles
// owners can have permitted lists set.
DevicePolicyData policy = getUserData(profiles.get(i).id);
DevicePolicyData policy = getUserDataUnchecked(profiles.get(i).id);
final int N = policy.mAdminList.size();
for (int j = 0; j < N; j++) {
ActiveAdmin admin = policy.mAdminList.get(j);
@@ -4637,7 +4658,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
for (int i = 0; i < PROFILES_SIZE; ++i) {
// Just loop though all admins, only device or profiles
// owners can have permitted lists set.
DevicePolicyData policy = getUserData(profiles.get(i).id);
DevicePolicyData policy = getUserDataUnchecked(profiles.get(i).id);
final int N = policy.mAdminList.size();
for (int j = 0; j < N; j++) {
ActiveAdmin admin = policy.mAdminList.get(j);
@@ -5420,7 +5441,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
return Collections.emptyList();
}
DevicePolicyData policy = getUserData(profileId);
DevicePolicyData policy = getUserDataUnchecked(profileId);
ActiveAdmin admin = policy.mAdminMap.get(ownerComponent);
if (admin == null || admin.crossProfileWidgetProviders == null