From 194db6ad91c4aee995930ea8f04ea877730234fd Mon Sep 17 00:00:00 2001 From: Svet Ganov Date: Tue, 5 Aug 2014 09:52:18 -0700 Subject: Fix cross-user permission checks in print manager service. The cross-user check was requesting both interact across users and interact across users all permissions which is too restrictive. Each one is sufficient. Further, if the app has one of these premissions but specifies a given user not current or current-self, the code was throwing while the correct actions is to return the requested user id as we alreay vetted the caller's permissions. bug:16398152 Change-Id: I1a4863eb7b05dababb66bac6e143b78dfad42b81 --- .../print/java/com/android/server/print/PrintManagerService.java | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'services/print') diff --git a/services/print/java/com/android/server/print/PrintManagerService.java b/services/print/java/com/android/server/print/PrintManagerService.java index 0575a5e..7400dde 100644 --- a/services/print/java/com/android/server/print/PrintManagerService.java +++ b/services/print/java/com/android/server/print/PrintManagerService.java @@ -734,7 +734,7 @@ public final class PrintManagerService extends SystemService { } if (mContext.checkCallingPermission(Manifest.permission.INTERACT_ACROSS_USERS_FULL) != PackageManager.PERMISSION_GRANTED - || mContext.checkCallingPermission(Manifest.permission.INTERACT_ACROSS_USERS) + && mContext.checkCallingPermission(Manifest.permission.INTERACT_ACROSS_USERS) != PackageManager.PERMISSION_GRANTED) { if (userId == UserHandle.USER_CURRENT_OR_SELF) { return callingUserId; @@ -746,8 +746,7 @@ public final class PrintManagerService extends SystemService { if (userId == UserHandle.USER_CURRENT || userId == UserHandle.USER_CURRENT_OR_SELF) { return mCurrentUserId; } - throw new IllegalArgumentException("Calling user can be changed to only " - + "UserHandle.USER_CURRENT or UserHandle.USER_CURRENT_OR_SELF."); + return userId; } private String resolveCallingPackageNameEnforcingSecurity(String packageName) { -- cgit v1.1