Fix security vulnerability in DPMS
Changed DPMS#getCrossProfileCalendarPackagesForUser to always require
INTERACT_ACROSS_USERS or INTERACT_ACROSS_USERS_FULL.
Bug: 187043444
Test: N/A
Change-Id: I53300bfe2e0481df0d473cc73a85857b5603a45e
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index 8d74796..5b65795 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -13112,6 +13112,10 @@
* @see #getCrossProfileCalendarPackages(ComponentName)
* @hide
*/
+ @RequiresPermission(anyOf = {
+ permission.INTERACT_ACROSS_USERS_FULL,
+ permission.INTERACT_ACROSS_USERS
+ })
public @Nullable Set<String> getCrossProfileCalendarPackages() {
throwIfParentInstance("getCrossProfileCalendarPackages");
if (mService != null) {
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index dddf3df..228bc0e 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -16016,9 +16016,9 @@
return Collections.emptyList();
}
Preconditions.checkArgumentNonnegative(userHandle, "Invalid userId");
-
- final CallerIdentity caller = getCallerIdentity();
- Preconditions.checkCallAuthorization(hasCrossUsersPermission(caller, userHandle));
+ Preconditions.checkCallAuthorization(
+ hasCallingOrSelfPermission(permission.INTERACT_ACROSS_USERS)
+ || hasCallingOrSelfPermission(permission.INTERACT_ACROSS_USERS_FULL));
synchronized (getLockObject()) {
final ActiveAdmin admin = getProfileOwnerAdminLocked(userHandle);