From 194db6ad91c4aee995930ea8f04ea877730234fd Mon Sep 17 00:00:00 2001
From: Svet Ganov <svetoslavganov@google.com>
Date: Tue, 5 Aug 2014 09:52:18 -0700
Subject: Fix cross-user permission checks in print manager service.

The cross-user check was requesting both interact across users and
interact across users all permissions which is too restrictive. Each
one is sufficient. Further, if the app has one of these premissions
but specifies a given user not current or current-self, the code
was throwing while the correct actions is to return the requested
user id as we alreay vetted the caller's permissions.

bug:16398152

Change-Id: I1a4863eb7b05dababb66bac6e143b78dfad42b81
---
 .../print/java/com/android/server/print/PrintManagerService.java     | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'services/print')

diff --git a/services/print/java/com/android/server/print/PrintManagerService.java b/services/print/java/com/android/server/print/PrintManagerService.java
index 0575a5e..7400dde 100644
--- a/services/print/java/com/android/server/print/PrintManagerService.java
+++ b/services/print/java/com/android/server/print/PrintManagerService.java
@@ -734,7 +734,7 @@ public final class PrintManagerService extends SystemService {
             }
             if (mContext.checkCallingPermission(Manifest.permission.INTERACT_ACROSS_USERS_FULL)
                     != PackageManager.PERMISSION_GRANTED
-                ||  mContext.checkCallingPermission(Manifest.permission.INTERACT_ACROSS_USERS)
+                &&  mContext.checkCallingPermission(Manifest.permission.INTERACT_ACROSS_USERS)
                     != PackageManager.PERMISSION_GRANTED) {
                 if (userId == UserHandle.USER_CURRENT_OR_SELF) {
                     return callingUserId;
@@ -746,8 +746,7 @@ public final class PrintManagerService extends SystemService {
             if (userId == UserHandle.USER_CURRENT || userId == UserHandle.USER_CURRENT_OR_SELF) {
                 return mCurrentUserId;
             }
-            throw new IllegalArgumentException("Calling user can be changed to only "
-                    + "UserHandle.USER_CURRENT or UserHandle.USER_CURRENT_OR_SELF.");
+            return userId;
         }
 
         private String resolveCallingPackageNameEnforcingSecurity(String packageName) {
-- 
cgit v1.1