Allow interact_across_users to get and update AppWidgetOptions
This change allows callers with the interact_across_users permission to
get and update widget options. Additionally, permission grants that are
no longer necessary are cleaned up.
Bug: 375251109
Test: widgets are able to update views in HSUM
Flag: android.appwidget.flags.security_policy_interact_across_users
Change-Id: If14e4f147276fc9870d71846dfa342c3cba9d415
diff --git a/services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java b/services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java
index f9abd85..68ff972 100644
--- a/services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java
+++ b/services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java
@@ -1469,9 +1469,7 @@
mSecurityPolicy.enforceCallFromPackage(callingPackage);
// Check that if a cross-profile binding is attempted, it is allowed.
- // Cross-profile binding is also allowed if the caller has interact across users permission.
- if (!mSecurityPolicy.isEnabledGroupProfile(providerProfileId)
- && !mSecurityPolicy.hasCallerInteractAcrossUsersPermission()) {
+ if (!mSecurityPolicy.isEnabledGroupProfile(providerProfileId)) {
return false;
}
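Review bot: Nothing visible covers the path this check now rejects: with the `hasCallerInteractAcrossUsersPermission()` clause gone, a caller that holds the cross-user permission but targets a profile outside its enabled group hits `return false`, and the commit's Test line mentions only the positive HSUM update case. A negative test for this check, and for the same removal in the hunks at 2438 and 5259, would pin the tightened policy. The Flag trailer names `security_policy_interact_across_users`, but no flag check appears in any hunk; if the gating lives inside the helper that is fine, otherwise these removals take effect regardless of the flag state. The enclosing method starts and ends outside this hunk.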
@@ -2440,10 +2438,8 @@
Slog.i(TAG, "getInstalledProvidersForProfiles() " + userId);
}
- // Ensure the profile is in the group and enabled, or that the caller has permission to
- // interact across users.
- if (!mSecurityPolicy.isEnabledGroupProfile(profileId)
- && !mSecurityPolicy.hasCallerInteractAcrossUsersPermission()) {
+ // Ensure the profile is in the group and enabled.
+ if (!mSecurityPolicy.isEnabledGroupProfile(profileId)) {
return null;
}
@@ -5235,11 +5231,14 @@
return true;
}
final int userId = UserHandle.getUserId(uid);
- if ((widget.host.getUserId() == userId || (widget.provider != null
- && widget.provider.getUserId() == userId))
+ if ((widget.host.getUserId() == userId
+ || (widget.provider != null && widget.provider.getUserId() == userId)
+ || hasCallerInteractAcrossUsersPermission())
&& callerHasPermission(android.Manifest.permission.BIND_APPWIDGET)) {
- // Apps that run in the same user as either the host or the provider and
- // have the bind widget permission have access to the widget.
+ // Access to the widget requires the app to:
+ // - Run in the same user as the host or provider, or have permission to interact
+ // across users
+ // - Have bind widget permission
return true;
}
if (DEBUG) {
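Review bot: The added `hasCallerInteractAcrossUsersPermission()` clause sits in what looks like the general widget-access check, so a caller with that permission plus BIND_APPWIDGET now passes for a widget whose host and provider both belong to another user. That applies on every path that consults this method, not only the get/update-options calls named in the commit message. If that breadth is intended, the new comment should say so, e.g. `// With interact-across-users the widget may belong to any user; BIND_APPWIDGET is still required.`; if not, the clause belongs in the options paths instead. Separately, `userId` is derived from the `uid` argument while both permission checks appear to evaluate the Binder caller, so the result is only meaningful when `uid` is the calling uid and the calling identity has not been cleared. That is worth confirming at the call sites, which are outside this hunk along with the method's signature.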
@@ -5260,16 +5259,12 @@
* The provider is accessible by the caller if any of the following is true:
* - The provider belongs to the caller
* - The provider belongs to a profile of the caller and is allowlisted
- * - The caller has permission to interact across users
*/
public boolean canAccessProvider(String packageName, int profileId) {
final int callerId = UserHandle.getCallingUserId();
if (profileId == callerId) {
return true;
}
- if (hasCallerInteractAcrossUsersPermission()) {
- return true;
- }
final int parentId = getProfileParent(profileId);
if (parentId != callerId) {
return false;