Merge "Checks cross user permission before handling intent" into udc-dev am: f40bb9bbec

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/29011113 Change-Id: I58b38c863ecd68459ecff22f7898c8a7070daf44 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-09-05 03:18:36 +00:00
parent 74a0614bbf f40bb9bbec
commit 3c5ec77a90
1 changed files with 31 additions and 2 deletions
--- a/src/com/android/settings/applications/AppInfoBase.java
+++ b/src/com/android/settings/applications/AppInfoBase.java
@@ -18,6 +18,7 @@ package com.android.settings.applications;

 import static com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;

+import android.Manifest;
 import android.app.Activity;
 import android.app.Dialog;
 import android.app.admin.DevicePolicyManager;
@@ -39,6 +40,7 @@ import android.os.UserManager;
 import android.text.TextUtils;
 import android.util.Log;

+import androidx.annotation.VisibleForTesting;
 import androidx.appcompat.app.AlertDialog;
 import androidx.fragment.app.DialogFragment;
 import androidx.fragment.app.Fragment;
@@ -135,8 +137,13 @@ public abstract class AppInfoBase extends SettingsPreferenceFragment
            }
        }
        if (intent != null && intent.hasExtra(Intent.EXTRA_USER_HANDLE)) {
-            mUserId = ((UserHandle) intent.getParcelableExtra(
-                    Intent.EXTRA_USER_HANDLE)).getIdentifier();
+            mUserId = ((UserHandle) intent.getParcelableExtra(Intent.EXTRA_USER_HANDLE))
+                    .getIdentifier();
+            if (mUserId != UserHandle.myUserId() && !hasInteractAcrossUsersPermission()) {
+                Log.w(TAG, "Intent not valid.");
+                finish();
+                return "";
+            }
        } else {
            mUserId = UserHandle.myUserId();
        }
@@ -159,6 +166,28 @@ public abstract class AppInfoBase extends SettingsPreferenceFragment
        return mPackageName;
    }

+    @VisibleForTesting
+    protected boolean hasInteractAcrossUsersPermission() {
+        Activity activity = getActivity();
+        if (!(activity instanceof SettingsActivity)) {
+            return false;
+        }
+        final String callingPackageName =
+                ((SettingsActivity) activity).getInitialCallingPackage();
+
+        if (TextUtils.isEmpty(callingPackageName)) {
+            Log.w(TAG, "Not able to get calling package name for permission check");
+            return false;
+        }
+        if (mPm.checkPermission(Manifest.permission.INTERACT_ACROSS_USERS_FULL, callingPackageName)
+                != PackageManager.PERMISSION_GRANTED) {
+            Log.w(TAG, "Package " + callingPackageName + " does not have required permission "
+                    + Manifest.permission.INTERACT_ACROSS_USERS_FULL);
+            return false;
+        }
+        return true;
+    }
+
    protected void setIntentAndFinish(boolean appChanged) {
        Log.i(TAG, "appChanged=" + appChanged);
        Intent intent = new Intent();