diff options
| author | kholoud mohamed <kholoudm@google.com> | 2020-03-27 13:29:19 +0000 |
|---|---|---|
| committer | Kholoud Mohamed <kholoudm@google.com> | 2020-04-06 10:13:09 +0000 |
| commit | 9bbab6a6df969a7c3e703fcd6076f4415847841f (patch) | |
| tree | e9d320365f45be0bfabdc8347cd81b351df0633f /services/robotests/src | |
| parent | ea6a210cf54fd90c042de30dde70ca3a2a0bc3b0 (diff) | |
Remove platform-signed apps from configurable cross profile apps
Most apps that declare the INTERACT_ACROSS_PROFILES permission do
not have it granted, but get the app-op instead. We do not
normally want platform-signed apps that are actually given the
permission to appear in the user-configurable section in Settings,
so we remove them from the return value of
canUserAttemptToConfigureInteractAcrossProfiles in this CL.
Note that OEM can choose to allow some platform-signed apps to be
user-configurable by including them in their OEM whitelist file.
This CL respects that and allows these apps to be configured by the user,
despite being granted the permission. If the user rejects the app-op,
PermissionChecker correctly returns false.
Bug: 149742043
Test: atest CrossProfileAppsServiceImplRoboTest
Change-Id: I693338507eec9cdc0ba10a3584e994a58d2d113c
Diffstat (limited to 'services/robotests/src')
| -rw-r--r-- | services/robotests/src/com/android/server/pm/CrossProfileAppsServiceImplRoboTest.java | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/services/robotests/src/com/android/server/pm/CrossProfileAppsServiceImplRoboTest.java b/services/robotests/src/com/android/server/pm/CrossProfileAppsServiceImplRoboTest.java index 138f9829c088..f8d197acf883 100644 --- a/services/robotests/src/com/android/server/pm/CrossProfileAppsServiceImplRoboTest.java +++ b/services/robotests/src/com/android/server/pm/CrossProfileAppsServiceImplRoboTest.java @@ -199,6 +199,12 @@ public class CrossProfileAppsServiceImplRoboTest { CROSS_PROFILE_APP_PACKAGE_NAME, PERSONAL_PROFILE_UID, PERSONAL_PROFILE_USER_ID); ShadowApplicationPackageManager.setPackageUidAsUser( CROSS_PROFILE_APP_PACKAGE_NAME, WORK_PROFILE_UID, WORK_PROFILE_USER_ID); + when(mPackageManagerInternal.getPackageUidInternal( + CROSS_PROFILE_APP_PACKAGE_NAME, /* flags= */ 0, PERSONAL_PROFILE_USER_ID)) + .thenReturn(PERSONAL_PROFILE_UID); + when(mPackageManagerInternal.getPackageUidInternal( + CROSS_PROFILE_APP_PACKAGE_NAME, /* flags= */ 0, WORK_PROFILE_USER_ID)) + .thenReturn(WORK_PROFILE_UID); } @Before @@ -456,6 +462,19 @@ public class CrossProfileAppsServiceImplRoboTest { } @Test + public void canUserAttemptToConfigureInteractAcrossProfiles_platformSignedAppWithAutomaticPermission_returnsFalse() { + mockCrossProfileAppNotWhitelistedByOem(); + shadowOf(mContext).grantPermissions( + Process.myPid(), + PERSONAL_PROFILE_UID, + Manifest.permission.INTERACT_ACROSS_PROFILES); + + assertThat(mCrossProfileAppsServiceImpl + .canUserAttemptToConfigureInteractAcrossProfiles(CROSS_PROFILE_APP_PACKAGE_NAME)) + .isFalse(); + } + + @Test public void canUserAttemptToConfigureInteractAcrossProfiles_returnsTrue() { assertThat(mCrossProfileAppsServiceImpl .canUserAttemptToConfigureInteractAcrossProfiles(CROSS_PROFILE_APP_PACKAGE_NAME)) @@ -528,6 +547,11 @@ public class CrossProfileAppsServiceImplRoboTest { .thenReturn(new ArrayList<>()); } + private void mockCrossProfileAppNotWhitelistedByOem() { + when(mDevicePolicyManagerInternal.getDefaultCrossProfilePackages()) + .thenReturn(new ArrayList<>()); + } + private boolean receivedManifestCanInteractAcrossProfilesChangedBroadcast() { final UserHandle userHandle = UserHandle.of(PERSONAL_PROFILE_USER_ID); if (!mSentUserBroadcasts.containsKey(userHandle)) { |