From b18aa8c1ce9ece56acd102cc74d43617b399c10d Mon Sep 17 00:00:00 2001
From: Fan Wu <cechkahn@google.com>
Date: Mon, 22 Jul 2024 16:12:46 +0800
Subject: [PATCH] Checks cross user permission before handling intent

Bug: 326057017

Test: atest

Flag: EXEMPT bug fix
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:d3b3edd45167515579ab156533754e56ac813f35)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:bcb28adf2a58183ddaf6d34eefcbc9d3117ba37b)
Merged-In: I3444e55b22b7487f96b0e3e9deb3f844c4c4723a
Change-Id: I3444e55b22b7487f96b0e3e9deb3f844c4c4723a
---
 .../settings/applications/AppInfoBase.java    | 33 +++++++++++++++-
 .../applications/AppInfoWithHeaderTest.java   | 38 +++++++++++++++++++
 2 files changed, 69 insertions(+), 2 deletions(-)

diff --git a/src/com/android/settings/applications/AppInfoBase.java b/src/com/android/settings/applications/AppInfoBase.java
index b892c18637d..e27d604cb17 100644
--- a/src/com/android/settings/applications/AppInfoBase.java
+++ b/src/com/android/settings/applications/AppInfoBase.java
@@ -18,6 +18,7 @@
 
 import static com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;
 
+import android.Manifest;
 import android.app.Activity;
 import android.app.Dialog;
 import android.app.admin.DevicePolicyManager;
@@ -39,6 +40,7 @@
 import android.text.TextUtils;
 import android.util.Log;
 
+import androidx.annotation.VisibleForTesting;
 import androidx.appcompat.app.AlertDialog;
 import androidx.fragment.app.DialogFragment;
 import androidx.fragment.app.Fragment;
@@ -135,8 +137,13 @@ protected String retrieveAppEntry() {
             }
         }
         if (intent != null && intent.hasExtra(Intent.EXTRA_USER_HANDLE)) {
-            mUserId = ((UserHandle) intent.getParcelableExtra(
-                    Intent.EXTRA_USER_HANDLE)).getIdentifier();
+            mUserId = ((UserHandle) intent.getParcelableExtra(Intent.EXTRA_USER_HANDLE))
+                    .getIdentifier();
+            if (mUserId != UserHandle.myUserId() && !hasInteractAcrossUsersPermission()) {
+                Log.w(TAG, "Intent not valid.");
+                finish();
+                return "";
+            }
         } else {
             mUserId = UserHandle.myUserId();
         }
@@ -163,6 +170,28 @@ protected String retrieveAppEntry() {
         return mPackageName;
     }
 
+    @VisibleForTesting
+    protected boolean hasInteractAcrossUsersPermission() {
+        Activity activity = getActivity();
+        if (!(activity instanceof SettingsActivity)) {
+            return false;
+        }
+        final String callingPackageName =
+                ((SettingsActivity) activity).getInitialCallingPackage();
+
+        if (TextUtils.isEmpty(callingPackageName)) {
+            Log.w(TAG, "Not able to get calling package name for permission check");
+            return false;
+        }
+        if (mPm.checkPermission(Manifest.permission.INTERACT_ACROSS_USERS_FULL, callingPackageName)
+                != PackageManager.PERMISSION_GRANTED) {
+            Log.w(TAG, "Package " + callingPackageName + " does not have required permission "
+                    + Manifest.permission.INTERACT_ACROSS_USERS_FULL);
+            return false;
+        }
+        return true;
+    }
+
     protected void setIntentAndFinish(boolean appChanged) {
         Log.i(TAG, "appChanged=" + appChanged);
         Intent intent = new Intent();
diff --git a/tests/robotests/src/com/android/settings/applications/AppInfoWithHeaderTest.java b/tests/robotests/src/com/android/settings/applications/AppInfoWithHeaderTest.java
index ce520271de6..0bf01719913 100644
--- a/tests/robotests/src/com/android/settings/applications/AppInfoWithHeaderTest.java
+++ b/tests/robotests/src/com/android/settings/applications/AppInfoWithHeaderTest.java
@@ -174,6 +174,32 @@ public void extraUserHandleInIntent_retrieveAppEntryWithMyUserId()
         assertThat(mAppInfoWithHeader.mAppEntry).isNotNull();
     }
 
+    @Test
+    public void noCrossUserPermission_retrieveAppEntry_fail()
+            throws PackageManager.NameNotFoundException {
+        TestFragmentWithoutPermission testFragmentWithoutPermission =
+                new TestFragmentWithoutPermission();
+        final int userId = 1002;
+        final String packageName = "com.android.settings";
+
+        testFragmentWithoutPermission.mIntent.putExtra(Intent.EXTRA_USER_HANDLE,
+                new UserHandle(userId));
+        testFragmentWithoutPermission.mIntent.setData(Uri.fromParts("package",
+                packageName, null));
+        final ApplicationsState.AppEntry entry = mock(ApplicationsState.AppEntry.class);
+        entry.info = new ApplicationInfo();
+        entry.info.packageName = packageName;
+
+        when(testFragmentWithoutPermission.mState.getEntry(packageName, userId)).thenReturn(entry);
+        when(testFragmentWithoutPermission.mPm.getPackageInfoAsUser(eq(entry.info.packageName),
+                any(), eq(userId))).thenReturn(
+                testFragmentWithoutPermission.mPackageInfo);
+
+        testFragmentWithoutPermission.retrieveAppEntry();
+
+        assertThat(testFragmentWithoutPermission.mAppEntry).isNull();
+    }
+
     public static class TestFragment extends AppInfoWithHeader {
 
         PreferenceManager mManager;
@@ -226,6 +252,11 @@ public Context getContext() {
             return mShadowContext;
         }
 
+        @Override
+        protected boolean hasInteractAcrossUsersPermission() {
+            return true;
+        }
+
         @Override
         protected void onPackageRemoved() {
             mPackageRemovedCalled = true;
@@ -234,4 +265,11 @@ protected void onPackageRemoved() {
         @Override
         protected Intent getIntent() { return mIntent; }
     }
+
+    private static final class TestFragmentWithoutPermission extends TestFragment {
+        @Override
+        protected boolean hasInteractAcrossUsersPermission() {
+            return false;
+        }
+    }
 }