DO NOT MERGE. Add a permissions check to LocationManagerService.
Prevents apps from reading location requests of other users without INTERACT_ACROSS_USERS permission.
Bug: 222473855
Test: Build
Change-Id: Id591cd39ed7813c649b44d4a3210f0b1fb79b40d
(cherry picked from commit 16560c093091b7ab390c16137618da6fd916d44e)
(cherry picked from commit 5b376bc9fd51e1a39fd5e1bd6a698c7cb2b9b3d4)
Merged-In: Id591cd39ed7813c649b44d4a3210f0b1fb79b40d
diff --git a/services/core/java/com/android/server/location/LocationManagerService.java b/services/core/java/com/android/server/location/LocationManagerService.java
index e6210b2..fe5b94a 100644
--- a/services/core/java/com/android/server/location/LocationManagerService.java
+++ b/services/core/java/com/android/server/location/LocationManagerService.java
@@ -17,6 +17,7 @@
package com.android.server.location;
import static android.Manifest.permission.ACCESS_FINE_LOCATION;
+import static android.Manifest.permission.INTERACT_ACROSS_USERS;
import static android.app.compat.CompatChanges.isChangeEnabled;
import static android.content.pm.PackageManager.MATCH_DIRECT_BOOT_AWARE;
import static android.content.pm.PackageManager.MATCH_SYSTEM_ONLY;
@@ -39,6 +40,7 @@
import android.Manifest.permission;
import android.annotation.NonNull;
import android.annotation.Nullable;
+import android.annotation.RequiresPermission;
import android.app.ActivityManager;
import android.app.AppOpsManager;
import android.app.PendingIntent;
@@ -1063,8 +1065,10 @@
@Override
public void addProviderRequestListener(IProviderRequestListener listener) {
- for (LocationProviderManager manager : mProviderManagers) {
- manager.addProviderRequestListener(listener);
+ if (mContext.checkCallingOrSelfPermission(INTERACT_ACROSS_USERS) == PERMISSION_GRANTED) {
+ for (LocationProviderManager manager : mProviderManagers) {
+ manager.addProviderRequestListener(listener);
+ }
}
}
