Update Traceur to check admin user status
This change updates Traceur to check for admin user privileges wherever
a developer options check occurs. This is intended to address the case
in which developer options (a global setting not differentiated on
current user privileges) being enabled would allow guest users to open
Traceur through a 3P app and view its trace files. This would previously
be possible even when ADB debugging was disabled by the admin user.
Traceur now listens for user changes so that its document root
(containing traces) is enabled/disabled based on the new user's admin
status.
This change also includes a partial fix for a previous less-severe
security vulnerability (developer options checks; terminating ongoing
traces if the state of developer options changes). The entire fix is not
included because the full vulnerability did not exist in this branch.
Because Traceur is a platform app in R, a separate change to grant
MANAGE_USERS access in the privapp permissions allowlist is /not/
required (as in S).
Test: On a local CF build (cf_x86_64_phone-userdebug), explictly
enable multi-user + apply aosp/1625022 and check that:
- CtsIntentSignatureTestCases passes (b/270791503)
- TraceurUiTests passes
- Traceur cannot be opened through 'am start' on a guest account
- Opening Files on a guest account no longer shows a System Traces
folder (even if Traceur's onCreate is somehow called)
- System tracing no longer appears in settings for guests
Bug: 262243665
Bug: 262244249
Bug: 204992293
Bug: 160155846
Ignore-AOSP-First: Internal-first security fix
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0c0b30d30dfad851cdce35e1b9097b62fffabc5f)
Merged-In: I14ee42d18802e7869bae8cb437c4d0b65dbea999
Change-Id: I14ee42d18802e7869bae8cb437c4d0b65dbea999
8 files changed
