From 0e8a572d5f6abd4dfcf602815d111dd1c2dba19f Mon Sep 17 00:00:00 2001
From: kholoud mohamed <kholoudm@google.com>
Date: Wed, 22 Apr 2020 16:02:48 +0100
Subject: [PATCH] Fix Exception message in UserController#handleIncomingUser

Currently the security exception message always states that
you need INTERACT_ACROSS_USERS if allowMode is not ALLOW_FULL_ONLY.
This is incorrect for allowModes ALLOW_NON_FULL_IN_PROFILE and
ALLOW_ALL_PROFILE_PERMISSIONS_IN_PROFILE, in that case the two
users need to be in the same profile group.

Fixes: 154710776
Test: checked the security message with different permissions
Change-Id: I28977b8f9f9463f6bfa4ea88db0d82c5a7d18057
---
 .../core/java/com/android/server/am/UserController.java     | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/services/core/java/com/android/server/am/UserController.java b/services/core/java/com/android/server/am/UserController.java
index 546025a2498fa..85c41907e333b 100644
--- a/services/core/java/com/android/server/am/UserController.java
+++ b/services/core/java/com/android/server/am/UserController.java
@@ -1877,8 +1877,10 @@ class UserController implements Handler.Callback {
                     builder.append("; this requires ");
                     builder.append(INTERACT_ACROSS_USERS_FULL);
                     if (allowMode != ALLOW_FULL_ONLY) {
-                        builder.append(" or ");
-                        builder.append(INTERACT_ACROSS_USERS);
+                        if (allowMode == ALLOW_NON_FULL || isSameProfileGroup) {
+                            builder.append(" or ");
+                            builder.append(INTERACT_ACROSS_USERS);
+                        }
                         if (isSameProfileGroup
                                 && allowMode == ALLOW_ALL_PROFILE_PERMISSIONS_IN_PROFILE) {
                             builder.append(" or ");