diff options
| author | Svetoslav <svetoslavganov@google.com> | 2014-10-01 12:50:58 -0700 |
|---|---|---|
| committer | Svetoslav <svetoslavganov@google.com> | 2014-10-01 15:07:27 -0700 |
| commit | ceac51deddb873956c647d1b2dc7b2cc251d404b (patch) | |
| tree | 5538b44cdcd0bca766bc998db24b8d23b4ce57cd /services/accessibility/java | |
| parent | d1462247e05dab10d20372249e9a3ef7ef93fc2e (diff) | |
| download | frameworks_base-ceac51deddb873956c647d1b2dc7b2cc251d404b.zip frameworks_base-ceac51deddb873956c647d1b2dc7b2cc251d404b.tar.gz frameworks_base-ceac51deddb873956c647d1b2dc7b2cc251d404b.tar.bz2 | |
Fix accessiblity introspection from the shell user regression.
Accessibility introspection APIs are meant to query only the state of
the current user. There are command line tools that run as the shell
user and want to be able to intropspect the screen. When resolving
the calling user we were using the calling user id instead of the
special constant for the current user.
Now when resolving the calling user for intrspection we are using
the current user constant and consequentially only the current
user or a profile of the current user or the root or the shell or
the system or an app with cross user permission can introspect the
screen.
bug:17674631
Change-Id: I36d1d7b65441d04c3b4204123c4b6d036ff032c0
Diffstat (limited to 'services/accessibility/java')
| -rw-r--r-- | services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java | 26 |
1 files changed, 16 insertions, 10 deletions
diff --git a/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java b/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java index be3fc47..dd0b551 100644 --- a/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java +++ b/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java @@ -2087,7 +2087,7 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub { // performs the current profile parent resolution. final int resolvedUserId = mSecurityPolicy .resolveCallingUserIdEnforcingPermissionsLocked( - UserHandle.getCallingUserId()); + UserHandle.USER_CURRENT); if (resolvedUserId != mCurrentUserId) { return null; } @@ -2118,7 +2118,7 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub { // performs the current profile parent resolution. final int resolvedUserId = mSecurityPolicy .resolveCallingUserIdEnforcingPermissionsLocked( - UserHandle.getCallingUserId()); + UserHandle.USER_CURRENT); if (resolvedUserId != mCurrentUserId) { return null; } @@ -2151,7 +2151,7 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub { // performs the current profile parent resolution. final int resolvedUserId = mSecurityPolicy .resolveCallingUserIdEnforcingPermissionsLocked( - UserHandle.getCallingUserId()); + UserHandle.USER_CURRENT); if (resolvedUserId != mCurrentUserId) { return false; } @@ -2203,7 +2203,7 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub { // performs the current profile parent resolution. final int resolvedUserId = mSecurityPolicy .resolveCallingUserIdEnforcingPermissionsLocked( - UserHandle.getCallingUserId()); + UserHandle.USER_CURRENT); if (resolvedUserId != mCurrentUserId) { return false; } @@ -2255,7 +2255,7 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub { // performs the current profile parent resolution. final int resolvedUserId = mSecurityPolicy .resolveCallingUserIdEnforcingPermissionsLocked( - UserHandle.getCallingUserId()); + UserHandle.USER_CURRENT); if (resolvedUserId != mCurrentUserId) { return false; } @@ -2307,7 +2307,7 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub { // performs the current profile parent resolution. final int resolvedUserId = mSecurityPolicy .resolveCallingUserIdEnforcingPermissionsLocked( - UserHandle.getCallingUserId()); + UserHandle.USER_CURRENT); if (resolvedUserId != mCurrentUserId) { return false; } @@ -2360,7 +2360,7 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub { // performs the current profile parent resolution. final int resolvedUserId = mSecurityPolicy .resolveCallingUserIdEnforcingPermissionsLocked( - UserHandle.getCallingUserId()); + UserHandle.USER_CURRENT); if (resolvedUserId != mCurrentUserId) { return false; } @@ -2411,7 +2411,7 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub { // performs the current profile parent resolution. final int resolvedUserId = mSecurityPolicy .resolveCallingUserIdEnforcingPermissionsLocked( - UserHandle.getCallingUserId()); + UserHandle.USER_CURRENT); if (resolvedUserId != mCurrentUserId) { return false; } @@ -2450,7 +2450,7 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub { // performs the current profile parent resolution. final int resolvedUserId = mSecurityPolicy .resolveCallingUserIdEnforcingPermissionsLocked( - UserHandle.getCallingUserId()); + UserHandle.USER_CURRENT); if (resolvedUserId != mCurrentUserId) { return false; } @@ -2497,7 +2497,7 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub { // performs the current profile parent resolution. final int resolvedUserId = mSecurityPolicy .resolveCallingUserIdEnforcingPermissionsLocked( - UserHandle.getCallingUserId()); + UserHandle.USER_CURRENT); if (resolvedUserId != mCurrentUserId) { return false; } @@ -3591,6 +3591,12 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub { if (callingUserId == userId) { return resolveProfileParentLocked(userId); } + final int callingUserParentId = resolveProfileParentLocked(callingUserId); + if (callingUserParentId == mCurrentUserId && + (userId == UserHandle.USER_CURRENT + || userId == UserHandle.USER_CURRENT_OR_SELF)) { + return mCurrentUserId; + } if (!hasPermission(Manifest.permission.INTERACT_ACROSS_USERS) && !hasPermission(Manifest.permission.INTERACT_ACROSS_USERS_FULL)) { throw new SecurityException("Call from user " + callingUserId + " as user " |