Changed INTERACT_ACROSS_PROFILES appop to be set per UID
In some cases, enforceCrossUserOrProfilePermission fails for packages
which have INTERACT_ACROSS_PROFILE appop granted if it shares the uid
with another package that doesn't hold the permission,
this is because getPackagesForUid is used to get the
callingPackage which could return either packages randomly.
I've changed setting the appop to be per uid instead of per package,
Test: manual testing
Bug: 183188804
Bug: 183730243
Change-Id: I7a72c1d3abd1f83924865326797630ded2f2040f
diff --git a/services/core/java/com/android/server/pm/CrossProfileAppsServiceImpl.java b/services/core/java/com/android/server/pm/CrossProfileAppsServiceImpl.java
index 1d73abc..e93dc40 100644
--- a/services/core/java/com/android/server/pm/CrossProfileAppsServiceImpl.java
+++ b/services/core/java/com/android/server/pm/CrossProfileAppsServiceImpl.java
@@ -482,16 +482,16 @@
// this particular app-op to be modified without the broader app-op permissions.
mInjector.withCleanCallingIdentity(() ->
mInjector.getAppOpsManager()
- .setMode(OP_INTERACT_ACROSS_PROFILES, uid, packageName, newMode));
+ .setUidMode(OP_INTERACT_ACROSS_PROFILES, uid, newMode));
} else {
mInjector.getAppOpsManager()
- .setMode(OP_INTERACT_ACROSS_PROFILES, uid, packageName, newMode);
+ .setUidMode(OP_INTERACT_ACROSS_PROFILES, uid, newMode);
}
// Kill the UID before sending the broadcast to ensure that apps can be informed when
// their app-op has been revoked.
maybeKillUid(packageName, uid, hadPermission);
- sendCanInteractAcrossProfilesChangedBroadcast(packageName, uid, UserHandle.of(profileId));
- maybeLogSetInteractAcrossProfilesAppOp(packageName, newMode, logMetrics, uid);
+ sendCanInteractAcrossProfilesChangedBroadcast(packageName, UserHandle.of(profileId));
+ maybeLogSetInteractAcrossProfilesAppOp(packageName, newMode, logMetrics);
}
/**
@@ -509,7 +509,7 @@
}
private void maybeLogSetInteractAcrossProfilesAppOp(
- String packageName, @Mode int newMode, boolean logMetrics, int uid) {
+ String packageName, @Mode int newMode, boolean logMetrics) {
if (!logMetrics) {
return;
}
@@ -517,7 +517,7 @@
.createEvent(DevicePolicyEnums.SET_INTERACT_ACROSS_PROFILES_APP_OP)
.setStrings(packageName)
.setInt(newMode)
- .setBoolean(appDeclaresCrossProfileAttribute(uid))
+ .setBoolean(appDeclaresCrossProfileAttribute(packageName))
.write();
}
@@ -533,10 +533,10 @@
}
private void sendCanInteractAcrossProfilesChangedBroadcast(
- String packageName, int uid, UserHandle userHandle) {
+ String packageName, UserHandle userHandle) {
final Intent intent =
new Intent(ACTION_CAN_INTERACT_ACROSS_PROFILES_CHANGED).setPackage(packageName);
- if (appDeclaresCrossProfileAttribute(uid)) {
+ if (appDeclaresCrossProfileAttribute(packageName)) {
intent.addFlags(
Intent.FLAG_RECEIVER_INCLUDE_BACKGROUND | Intent.FLAG_RECEIVER_FOREGROUND);
} else {
@@ -553,8 +553,8 @@
.queryBroadcastReceiversAsUser(intent, /* flags= */ 0, userHandle);
}
- private boolean appDeclaresCrossProfileAttribute(int uid) {
- return mInjector.getPackageManagerInternal().getPackage(uid).isCrossProfile();
+ private boolean appDeclaresCrossProfileAttribute(String packageName) {
+ return mInjector.getPackageManagerInternal().getPackage(packageName).isCrossProfile();
}
@Override
