commit 0056992c8475522122ed1b83738c0573e48974c5
author Anna Zhuravleva <azhura@google.com> Fri Mar 15 16:38:05 2024 +0000
committer Anna Zhuravleva <azhura@google.com> Fri Mar 15 17:17:43 2024 +0000
tree 5747dfeb5955ea32417f977f5dd222dc17a45e6e
parent 7b9df00f54dcac6d9963d7565a6c3da037ea9b5b

Allow not Home system apps access hidden profile.

Some system apps need to call Launcher Apps APIs for private profile
(e.g. to power Launcher apps suggestion) but can't have the HOME role.

This change relaxes the restriction and only requires the privileged permission.

Bug: 329839558
Test: atest LauncherAppsForHiddenProfilesTest
Flag: android.multiuser.enable_launcher_apps_hidden_profile_checksi
DEVELOPMENT

Change-Id: If2305a49c0ce5fabaea00ed035290fce916c699a

services/core/java/com/android/server/pm/LauncherAppsService.java

diff --git a/services/core/java/com/android/server/pm/LauncherAppsService.java b/services/core/java/com/android/server/pm/LauncherAppsService.java
index c6bb99e..20b669b 100644
--- a/services/core/java/com/android/server/pm/LauncherAppsService.java
+++ b/services/core/java/com/android/server/pm/LauncherAppsService.java
@@ -18,12 +18,12 @@
 
 import static android.Manifest.permission.READ_FRAME_BUFFER;
 import static android.app.ActivityOptions.KEY_SPLASH_SCREEN_THEME;
+import static android.app.ActivityOptions.MODE_BACKGROUND_ACTIVITY_START_ALLOWED;
+import static android.app.ActivityOptions.MODE_BACKGROUND_ACTIVITY_START_SYSTEM_DEFINED;
 import static android.app.AppOpsManager.MODE_ALLOWED;
 import static android.app.AppOpsManager.MODE_IGNORED;
 import static android.app.AppOpsManager.OP_ARCHIVE_ICON_OVERLAY;
 import static android.app.AppOpsManager.OP_UNARCHIVAL_CONFIRMATION;
-import static android.app.ActivityOptions.MODE_BACKGROUND_ACTIVITY_START_ALLOWED;
-import static android.app.ActivityOptions.MODE_BACKGROUND_ACTIVITY_START_SYSTEM_DEFINED;
 import static android.app.PendingIntent.FLAG_IMMUTABLE;
 import static android.app.PendingIntent.FLAG_MUTABLE;
 import static android.app.PendingIntent.FLAG_UPDATE_CURRENT;
@@ -555,12 +555,6 @@
                     return false;
                 }
 
-                if (!mRoleManager
-                        .getRoleHoldersAsUser(
-                                RoleManager.ROLE_HOME, UserHandle.getUserHandleForUid(callingUid))
-                        .contains(callingPackage.getPackageName())) {
-                    return false;
-                }
                 if (mContext.checkPermission(
                                 Manifest.permission.ACCESS_HIDDEN_PROFILES_FULL,
                                 callingPid,
@@ -569,6 +563,13 @@
                     return true;
                 }
 
+                if (!mRoleManager
+                        .getRoleHoldersAsUser(
+                                RoleManager.ROLE_HOME, UserHandle.getUserHandleForUid(callingUid))
+                        .contains(callingPackage.getPackageName())) {
+                    return false;
+                }
+
                 // TODO(b/321988638): add option to disable with a flag
                 return mContext.checkPermission(
                                 android.Manifest.permission.ACCESS_HIDDEN_PROFILES,