author | Alex Johnston <acjohnston@google.com> | 2023-08-14 08:22:28 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-10-11 22:49:43 +0000 |
commit | e2e05f488da6abc765a62e7faf10cb74e729732e (patch) | |
tree | 51eb8a4949a24963fc118d7a2e5ba4b2eda58349 | |
parent | 4d71fa0cd4459f7bfed4808c53d3c62a96e32aa6 (diff) | |
Make getCredentialManagerPolicy user handle aware
Bug: 294228721
Test: android.credentials.cts.CtsDevicePolicyTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0951b28bd94a514eded9503d802228a3591579d6)
Merged-In: I167238e9cccb818643bc491ef56d40e042d80035
Change-Id: I167238e9cccb818643bc491ef56d40e042d80035
3 files changed, 11 insertions, 4 deletions
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index da5e40aedbd2..c561e4b54b01 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -10335,11 +10335,14 @@ public class DevicePolicyManager {
 * @return the current credential manager policy if null then this policy has not been
 * configured.
 */
+ @UserHandleAware(
+ enabledSinceTargetSdkVersion = UPSIDE_DOWN_CAKE,
+ requiresPermissionIfNotCaller = INTERACT_ACROSS_USERS)
 public @Nullable PackagePolicy getCredentialManagerPolicy() {
 throwIfParentInstance("getCredentialManagerPolicy");
 if (mService != null) {
 try {
- return mService.getCredentialManagerPolicy();
+ return mService.getCredentialManagerPolicy(myUserId());
 } catch (RemoteException e) {
 throw e.rethrowFromSystemServer();
 }
diff --git a/core/java/android/app/admin/IDevicePolicyManager.aidl b/core/java/android/app/admin/IDevicePolicyManager.aidl
index 003e804831a4..d908d65ea850 100644
--- a/core/java/android/app/admin/IDevicePolicyManager.aidl
+++ b/core/java/android/app/admin/IDevicePolicyManager.aidl
@@ -344,7 +344,7 @@ interface IDevicePolicyManager {
 boolean hasManagedProfileCallerIdAccess(int userId, String packageName);
 void setCredentialManagerPolicy(in PackagePolicy policy);
- PackagePolicy getCredentialManagerPolicy();
+ PackagePolicy getCredentialManagerPolicy(int userId);
 void setManagedProfileContactsAccessPolicy(in PackagePolicy policy);
 PackagePolicy getManagedProfileContactsAccessPolicy();
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 51e4fe3027f3..23a1d4e0b37b 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -16646,16 +16646,20 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
 }
 @Override
- public PackagePolicy getCredentialManagerPolicy() {
+ public PackagePolicy getCredentialManagerPolicy(int userId) {
 if (!mHasFeature) {
 return null;
 }
 final CallerIdentity caller = getCallerIdentity();
 Preconditions.checkCallAuthorization(
 canWriteCredentialManagerPolicy(caller) || canQueryAdminPolicy(caller));
+ if (userId != caller.getUserId()) {
+ Preconditions.checkCallAuthorization(
+ hasCallingOrSelfPermission(permission.INTERACT_ACROSS_USERS));
+ }
 synchronized (getLockObject()) {
- ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller.getUserId());
+ ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(userId);
 return (admin != null) ? admin.mCredentialManagerPolicy : null;
 }
 } |
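Review bot: In core/java/android/app/admin/DevicePolicyManager.java the Javadoc above `getCredentialManagerPolicy()` is left as it was, although the method now asks the service for the policy of the user returned by `myUserId()` (presumably the context's user) and the new `@UserHandleAware` annotation declares a permission requirement. The doc comment should say whose policy is returned and when the permission is needed, for example `* <p>Returns the policy for the user of the calling context; requires INTERACT_ACROSS_USERS when that user is not the calling user.` The annotation also states `enabledSinceTargetSdkVersion = UPSIDE_DOWN_CAKE` while the visible body passes `myUserId()` unconditionally, so it is worth confirming that no target-SDK gate is intended. The Javadoc block opens outside this hunk.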
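Review bot: In DevicePolicyManagerService.java the caller-supplied `userId` reaches `getProfileOwnerOrDeviceOwnerLocked(userId)` without a range check, so a caller that holds INTERACT_ACROSS_USERS can pass a negative pseudo-user id; adding `Preconditions.checkArgumentNonnegative(userId, "Invalid userId");` ahead of the authorization checks would reject those values explicitly. The role check `canWriteCredentialManagerPolicy(caller) || canQueryAdminPolicy(caller)` is still evaluated for the caller's own user and only the permission gate covers the target user, so a short comment such as `// Role check applies to the caller; cross-user reads additionally need INTERACT_ACROSS_USERS.` would record that this split is deliberate. The `mHasFeature` early return precedes every authorization check, which appears to predate this commit.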