Add checks URIs for content from other users.
Fail for users that are not profiles of the current user.
Test: atest DefaultRingtonePreferenceTest
Bug: 299614635
Change-Id: Ib266b285a3a1c6c5265ae2321159e61e08e349f6
Merged-In: Ib266b285a3a1c6c5265ae2321159e61e08e349f6
When LockPatternUtils#setLockCredential() fails, it can either return
false or throw an exception. Catch the exception and treat it the same
way as a false return value, to prevent crashing com.android.settings.
Bug: 253043065
Test: Tried setting lockscreen credential while in secure FRP mode using
smartlock setup activity launched by intent via adb. Verified
that com.android.settings no longer crashes due to the exception
from LockPatternUtils#setLockCredential().
Change-Id: I48b9119c19fb6378b1f88d36433ee4f4c8501d76
(cherry picked from commit 05f1eff1c9)
(moved change into ChooseLockPassword.java and ChooseLockPattern.java,
which are merged into SaveAndFinishWorker.java on udc-qpr-dev and main)
Merged-In: I48b9119c19fb6378b1f88d36433ee4f4c8501d76
When LockPatternUtils#setLockCredential() fails, it can either return
false or throw an exception. Catch the exception and treat it the same
way as a false return value, to prevent crashing com.android.settings.
Bug: 253043065
Test: Tried setting lockscreen credential while in secure FRP mode using
smartlock setup activity launched by intent via adb. Verified
that com.android.settings no longer crashes due to the exception
from LockPatternUtils#setLockCredential().
Change-Id: I48b9119c19fb6378b1f88d36433ee4f4c8501d76
(cherry picked from commit 05f1eff1c9)
(moved change into ChooseLockPassword.java and ChooseLockPattern.java,
which are merged into SaveAndFinishWorker.java on udc-qpr-dev and main)
Merged-In: I48b9119c19fb6378b1f88d36433ee4f4c8501d76
When LockPatternUtils#setLockCredential() fails, it can either return
false or throw an exception. Catch the exception and treat it the same
way as a false return value, to prevent crashing com.android.settings.
Bug: 253043065
Test: Tried setting lockscreen credential while in secure FRP mode using
smartlock setup activity launched by intent via adb. Verified
that com.android.settings no longer crashes due to the exception
from LockPatternUtils#setLockCredential().
Change-Id: I48b9119c19fb6378b1f88d36433ee4f4c8501d76
(cherry picked from commit 05f1eff1c9)
(moved change into ChooseLockPassword.java and ChooseLockPattern.java,
which are merged into SaveAndFinishWorker.java on udc-qpr-dev and main)
Merged-In: I48b9119c19fb6378b1f88d36433ee4f4c8501d76
When LockPatternUtils#setLockCredential() fails, it can either return
false or throw an exception. Catch the exception and treat it the same
way as a false return value, to prevent crashing com.android.settings.
Bug: 253043065
Test: Tried setting lockscreen credential while in secure FRP mode using
smartlock setup activity launched by intent via adb. Verified
that com.android.settings no longer crashes due to the exception
from LockPatternUtils#setLockCredential().
Change-Id: I48b9119c19fb6378b1f88d36433ee4f4c8501d76
(cherry picked from commit 05f1eff1c9)
(moved change into ChooseLockPassword.java and ChooseLockPattern.java,
which are merged into SaveAndFinishWorker.java on udc-qpr-dev and main)
Merged-In: I48b9119c19fb6378b1f88d36433ee4f4c8501d76
- Finish ApnEditor settings if user is not an admin
- Finish ApnEditor settings if user has DISALLOW_CONFIG_MOBILE_NETWORKS restriction
Bug: 279902472
Test: manual test
make RunSettingsRoboTests ROBOTEST_FILTER=ApnEditorTest
Change-Id: Iecdbbff7e21dfb11e3ba385858747a220cfd3e04
- Finish ApnEditor settings if user is not an admin
- Finish ApnEditor settings if user has DISALLOW_CONFIG_MOBILE_NETWORKS restriction
Bug: 279902472
Test: manual test
atest -c ApnEditorTest
Change-Id: Iecdbbff7e21dfb11e3ba385858747a220cfd3e04
* NotificationAccessConfirmationActivity (triggered through CompanionDeviceManager) -> Don't show the dialog, bail out early similarly to other invalid inputs.
* NotificationAccessSettings (from Special App Access) -> No changes, but use the canonical constant now.
* ApprovalPreferenceController (used in NotificationAccessDetails) -> Disable the toggle, unless the NLS was previously approved (in which case it can still be removed).
Fixes: 260570119
Fixes: 286043036
Test: atest + manually
Change-Id: Ifc048311746c027e3683cdcf65f1079d04cf7c56
Merged-In: Ifc048311746c027e3683cdcf65f1079d04cf7c56
* NotificationAccessConfirmationActivity (triggered through CompanionDeviceManager) -> Don't show the dialog, bail out early similarly to other invalid inputs.
* NotificationAccessSettings (from Special App Access) -> No changes, but use the canonical constant now.
* NotificationAccessDetails -> Disable the toggle, unless the NLS was previously approved (in which case it can still be removed).
Fixes: 260570119
Fixes: 286043036
Test: atest + manually
Change-Id: Ifc048311746c027e3683cdcf65f1079d04cf7c56
Merged-In: Ifc048311746c027e3683cdcf65f1079d04cf7c56
Currently selected IME can inject KeyEvent on DeviceAdminAdd screen to
activate itself as device admin and cause various DoS attacks.
This CL ensures KeyEvent on "Activate" button can only come from system
apps.
Bug: 280793427
Test: atest DeviceAdminActivationTest
Change-Id: I6470d1684d707f4b1e86f8b456be0b4e0af5f188
(cherry picked from commit 70a501d02e)
Currently selected IME can inject KeyEvent on DeviceAdminAdd screen to
activate itself as device admin and cause various DoS attacks.
This CL ensures KeyEvent on "Activate" button can only come from system
apps.
Bug: 280793427
Test: atest DeviceAdminActivationTest
Change-Id: I6470d1684d707f4b1e86f8b456be0b4e0af5f188
(cherry picked from commit 70a501d02e)
Note that an NLS that shouldn't be approvable (because its name is too long) but was already approved (either before the max length check was introduced, or through other means) will disappear from the list if the user revokes its access. This might be somewhat confusing, but since this is a very-edge case already it's fine.
Bug: 282932362
Test: manual
Change-Id: I4c9faea68e6d16b1a4ec7f472b5433cac1704c06
Note that an NLS that shouldn't be approvable (because its name is too long) but was already approved (either before the max length check was introduced, or through other means) will disappear from the list if the user revokes its access. This might be somewhat confusing, but since this is a very-edge case already it's fine.
Bug: 282932362
Test: manual
Change-Id: Iccfe7b53d643d6c9f9516f91d3cee3309b11551e
Currently selected IME can inject KeyEvent on DeviceAdminAdd screen to
activate itself as device admin and cause various DoS attacks.
This CL ensures KeyEvent on "Activate" button can only come from system
apps.
Bug: 280793427
Test: atest DeviceAdminActivationTest
Change-Id: I6470d1684d707f4b1e86f8b456be0b4e0af5f188
(cherry picked from commit 70a501d02e)
Currently selected IME can inject KeyEvent on DeviceAdminAdd screen to
activate itself as device admin and cause various DoS attacks.
This CL ensures KeyEvent on "Activate" button can only come from system
apps.
Bug: 280793427
Test: atest DeviceAdminActivationTest
Change-Id: I6470d1684d707f4b1e86f8b456be0b4e0af5f188
(cherry picked from commit 70a501d02e)
When DISALLOW_CONFIG_LOCATION is set, make location service's
MainSwitchPreference pages for wifi scanning and bluetooth scanning
unavailable too, so that intent direct access is disabled.
screenshot: http://shortn/_kkK3BMTSh1
Bug: 277333746
Bug: 277333781
Test: atest SettingsRoboTests, on device
Change-Id: I52f9a11b1dd78a5e5dbb1bbde3cda7381c87ae39
Test: install test app with long CN
Test: ServiceListingTest
Bug: 260570119
Change-Id: I3ffd02f6cf6bf282e7fc264fd070ed3add4d8571
Merged-In: I3ffd02f6cf6bf282e7fc264fd070ed3add4d8571
Test: install test app with long CN
Test: ServiceListingTest
Bug: 260570119
Change-Id: I3ffd02f6cf6bf282e7fc264fd070ed3add4d8571
Merged-In: I3ffd02f6cf6bf282e7fc264fd070ed3add4d8571
Test: install test app with long CN
Test: ServiceListingTest
Bug: 260570119
Change-Id: I3ffd02f6cf6bf282e7fc264fd070ed3add4d8571
Merged-In: I3ffd02f6cf6bf282e7fc264fd070ed3add4d8571
When using EXTRA_USER_HANDLE, check for INTERACT_ACROSS_USERS_FULL permission on calling package.
Bug: 259385017
Test: 1. Build a test app that creates and starts an intent to NOTIFICATION_LISTENER_DETAIL_SETTINGS while setting the intent extra android.intent.extra.user_handle to UserHandle(secondaryUserId).
2. Create and switch to a secondary user
Settings > System > Multiple users > Allow multiple users > Add user > Switch to New user
3. Open Settings > Notifications > Device & app notifications and choose an app from the list (uses android.permission.BIND_NOTIFICATION_LISTENER_SERVICE). Enable Device & app notifications for selected app and disable all attributed permissions.
4. Switch back to the Owner user.
5. Get the userId of the secondary user: adb shell pm list users.
6. Open the test app and enter the userId for the secondary user and the component name that uses android.permission.BIND_NOTIFICATION_LISTENER_SERVICE.
8. In the settings window that open, enable all 4 sub-options.
9. Switch to the secondary user and note that the all sub-options for the app are disabled.
Change-Id: I875b9f2fc32c252acdcf8374a14067836e0f1ac6
Merged-In: I875b9f2fc32c252acdcf8374a14067836e0f1ac6
When using EXTRA_USER_HANDLE, check for INTERACT_ACROSS_USERS_FULL permission on calling package.
Bug: 259385017
Test: 1. Build a test app that creates and starts an intent to NOTIFICATION_LISTENER_DETAIL_SETTINGS while setting the intent extra android.intent.extra.user_handle to UserHandle(secondaryUserId).
2. Create and switch to a secondary user
Settings > System > Multiple users > Allow multiple users > Add user > Switch to New user
3. Open Settings > Notifications > Device & app notifications and choose an app from the list (uses android.permission.BIND_NOTIFICATION_LISTENER_SERVICE). Enable Device & app notifications for selected app and disable all attributed permissions.
4. Switch back to the Owner user.
5. Get the userId of the secondary user: adb shell pm list users.
6. Open the test app and enter the userId for the secondary user and the component name that uses android.permission.BIND_NOTIFICATION_LISTENER_SERVICE.
8. In the settings window that open, enable all 4 sub-options.
9. Switch to the secondary user and note that the all sub-options for the app are disabled.
Change-Id: I875b9f2fc32c252acdcf8374a14067836e0f1ac6
Settings App info page supports a "Uninstall for all users" function
when multiple users are enabled. It bypasses the restriction of
DISALLOW_APPS_CONTROL which breaks the user isolation guideline.
To fix this vulnerability, we should check the DISALLOW_APPS_CONTROL
restriction to provide the "Uninstall for all users" function.
Bug: 258653813
Test: manual & robotests
Change-Id: I5d3bbcbaac439c4f7a1e6a9ade7775ff4f2f2ec6
Merged-In: I5d3bbcbaac439c4f7a1e6a9ade7775ff4f2f2ec6
Settings App info page supports a "Uninstall for all users" function
when multiple users are enabled. It bypasses the restriction of
DISALLOW_APPS_CONTROL which breaks the user isolation guideline.
To fix this vulnerability, we should check the DISALLOW_APPS_CONTROL
restriction to provide the "Uninstall for all users" function.
Bug: 258653813
Test: manual & robotests
Change-Id: I5d3bbcbaac439c4f7a1e6a9ade7775ff4f2f2ec6
Merged-In: I5d3bbcbaac439c4f7a1e6a9ade7775ff4f2f2ec6
