commit fabc3ec63102b3bcf9f2d54b4a151b10319be54f
author Chris Antol <cantol@google.com> Thu Sep 05 03:07:30 2024 +0000
committer Android (Google) Code Review <android-gerrit@google.com> Thu Sep 05 03:07:30 2024 +0000
tree ddb843e4f0b0c7d70bfe1997c8c3f8c5861d1a6b
parent 5e94bcbb1d3978c5e756aca504c697c4c64275ed
parent 7d2552bf93e675b0a1d0acda718d9466fd8a4d47

Merge "RESTRICT AUTOMERGE Checks cross user permission before handling intent" into sc-dev

src/com/android/settings/applications/AppInfoBase.java

diff --git a/src/com/android/settings/applications/AppInfoBase.java b/src/com/android/settings/applications/AppInfoBase.java
index 7104340..9d09800 100644
--- a/src/com/android/settings/applications/AppInfoBase.java
+++ b/src/com/android/settings/applications/AppInfoBase.java
@@ -18,7 +18,9 @@
 
 import static com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;
 
+import android.Manifest;
 import android.app.Activity;
+import android.app.ActivityManager;
 import android.app.Dialog;
 import android.app.admin.DevicePolicyManager;
 import android.app.settings.SettingsEnums;
@@ -38,6 +40,7 @@
 import android.text.TextUtils;
 import android.util.Log;
 
+import androidx.annotation.VisibleForTesting;
 import androidx.appcompat.app.AlertDialog;
 import androidx.fragment.app.DialogFragment;
 import androidx.fragment.app.Fragment;
@@ -134,8 +137,13 @@
             }
         }
         if (intent != null && intent.hasExtra(Intent.EXTRA_USER_HANDLE)) {
-            mUserId = ((UserHandle) intent.getParcelableExtra(
-                    Intent.EXTRA_USER_HANDLE)).getIdentifier();
+            mUserId = ((UserHandle) intent.getParcelableExtra(Intent.EXTRA_USER_HANDLE))
+                    .getIdentifier();
+            if (mUserId != UserHandle.myUserId() && !hasInteractAcrossUsersPermission()) {
+                Log.w(TAG, "Intent not valid.");
+                finish();
+                return "";
+            }
         } else {
             mUserId = UserHandle.myUserId();
         }
@@ -158,6 +166,32 @@
         return mPackageName;
     }
 
+    @VisibleForTesting
+    protected boolean hasInteractAcrossUsersPermission() {
+        Activity activity = getActivity();
+        if (activity == null) {
+            return false;
+        }
+        String callingPackageName = null;
+        try {
+            callingPackageName = ActivityManager.getService()
+                .getLaunchedFromPackage(activity.getActivityToken());
+        } catch (Exception e) {
+            return false;
+        }
+        if (TextUtils.isEmpty(callingPackageName)) {
+            Log.w(TAG, "Not able to get calling package name for permission check");
+            return false;
+        }
+        if (mPm.checkPermission(Manifest.permission.INTERACT_ACROSS_USERS_FULL, callingPackageName)
+                != PackageManager.PERMISSION_GRANTED) {
+            Log.w(TAG, "Package " + callingPackageName + " does not have required permission "
+                    + Manifest.permission.INTERACT_ACROSS_USERS_FULL);
+            return false;
+        }
+        return true;
+    }
+
     protected void setIntentAndFinish(boolean appChanged) {
         Log.i(TAG, "appChanged=" + appChanged);
         Intent intent = new Intent();