diff options
| author | Joanne Chung <joannechung@google.com> | 2020-12-30 13:02:13 +0800 |
|---|---|---|
| committer | Joanne Chung <joannechung@google.com> | 2020-12-30 19:57:04 +0800 |
| commit | fde8a2f917663c963090bdfb140cfb353859b2fe (patch) | |
| tree | ca89e5247d94d839268aaa54d04dc2943dfd7767 /core/java/android/app/AppOpsManager.java | |
| parent | c2df8ea9208e0623dced4d3048ab1c6f175a9b59 (diff) | |
Get ApplicationInfo using usr id
Use ApplicationInfoAsUser() to get the application information by
user id to make sure we have correct permission, othewise we will
get the SecurityException due to lack of INTERACT_ACROSS_USERS.
Also add checking in StartProxyOp, we don't add it in client code.
Bug: 176313819
Test: atest CtsVoiceRecognitionTestCases
Test: manual.
1.create profile user
2.Install sample recognizer app
3.Function works fine and no security exception occurred after
apply the change
Change-Id: Iaf485537b8082d2109d2134ff987dc7244e31218
Diffstat (limited to 'core/java/android/app/AppOpsManager.java')
| -rw-r--r-- | core/java/android/app/AppOpsManager.java | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java index 20953c6f6637..a23dd35fa55f 100644 --- a/core/java/android/app/AppOpsManager.java +++ b/core/java/android/app/AppOpsManager.java @@ -7664,8 +7664,8 @@ public class AppOpsManager { } else if (collectionMode == COLLECT_SYNC // Only collect app-ops when the proxy is trusted && (mContext.checkPermission(Manifest.permission.UPDATE_APP_OPS_STATS, -1, - myUid) == PackageManager.PERMISSION_GRANTED - || isTrustedVoiceServiceProxy(mContext, mContext.getOpPackageName(), op))) { + myUid) == PackageManager.PERMISSION_GRANTED || isTrustedVoiceServiceProxy( + mContext, mContext.getOpPackageName(), op, mContext.getUserId()))) { collectNotedOpSync(op, proxiedAttributionTag); } } @@ -7683,7 +7683,7 @@ public class AppOpsManager { * @hide */ public static boolean isTrustedVoiceServiceProxy(Context context, String packageName, - int code) { + int code, int userId) { // This is a workaround for R QPR, new API change is not allowed. We only allow the current // voice recognizer is also the voice interactor to noteproxy op. if (code != OP_RECORD_AUDIO) { @@ -7695,7 +7695,7 @@ public class AppOpsManager { final String voiceRecognitionServicePackageName = getComponentPackageNameFromString(voiceRecognitionComponent); return (Objects.equals(packageName, voiceRecognitionServicePackageName)) - && isPackagePreInstalled(context, packageName); + && isPackagePreInstalled(context, packageName, userId); } private static String getComponentPackageNameFromString(String from) { @@ -7703,10 +7703,11 @@ public class AppOpsManager { return componentName != null ? componentName.getPackageName() : ""; } - private static boolean isPackagePreInstalled(Context context, String packageName) { + private static boolean isPackagePreInstalled(Context context, String packageName, int userId) { try { final PackageManager pm = context.getPackageManager(); - final ApplicationInfo info = pm.getApplicationInfo(packageName, 0); + final ApplicationInfo info = + pm.getApplicationInfoAsUser(packageName, 0, userId); return ((info.flags & ApplicationInfo.FLAG_SYSTEM) != 0); } catch (PackageManager.NameNotFoundException e) { return false; @@ -8069,12 +8070,15 @@ public class AppOpsManager { collectNotedOpForSelf(opInt, proxiedAttributionTag); } else if (collectionMode == COLLECT_SYNC // Only collect app-ops when the proxy is trusted - && mContext.checkPermission(Manifest.permission.UPDATE_APP_OPS_STATS, -1, - Process.myUid()) == PackageManager.PERMISSION_GRANTED) { + && (mContext.checkPermission(Manifest.permission.UPDATE_APP_OPS_STATS, -1, + Process.myUid()) == PackageManager.PERMISSION_GRANTED + || isTrustedVoiceServiceProxy(mContext, mContext.getOpPackageName(), opInt, + mContext.getUserId()))) { collectNotedOpSync(opInt, proxiedAttributionTag); } } + return mode; } catch (RemoteException e) { throw e.rethrowFromSystemServer(); |