diff options
Diffstat (limited to 'src/com/android/providers/contacts/enterprise/EnterprisePolicyGuard.java')
-rw-r--r-- | src/com/android/providers/contacts/enterprise/EnterprisePolicyGuard.java | 42 |
1 files changed, 34 insertions, 8 deletions
diff --git a/src/com/android/providers/contacts/enterprise/EnterprisePolicyGuard.java b/src/com/android/providers/contacts/enterprise/EnterprisePolicyGuard.java index 46841050..12a03053 100644 --- a/src/com/android/providers/contacts/enterprise/EnterprisePolicyGuard.java +++ b/src/com/android/providers/contacts/enterprise/EnterprisePolicyGuard.java @@ -19,8 +19,10 @@ package com.android.providers.contacts.enterprise; import android.annotation.NonNull; import android.app.admin.DevicePolicyManager; import android.content.Context; +import android.content.pm.PackageManager; import android.net.Uri; import android.os.UserHandle; +import android.os.UserManager; import android.provider.ContactsContract; import android.provider.ContactsContract.Directory; import android.provider.Settings; @@ -29,8 +31,11 @@ import android.util.Log; import com.android.providers.contacts.ContactsProvider2; import com.android.providers.contacts.ProfileAwareUriMatcher; import com.android.providers.contacts.util.UserUtils; + import com.google.common.annotations.VisibleForTesting; +import static android.Manifest.permission.INTERACT_ACROSS_USERS; +import static android.content.pm.PackageManager.PERMISSION_GRANTED; import static android.provider.Settings.Secure.MANAGED_PROFILE_CONTACT_REMOTE_SEARCH; /** @@ -44,22 +49,25 @@ public class EnterprisePolicyGuard { final private Context mContext; final private DevicePolicyManager mDpm; + final private PackageManager mPm; public EnterprisePolicyGuard(Context context) { mContext = context; mDpm = context.getSystemService(DevicePolicyManager.class); + mPm = context.getPackageManager(); } /** * Check if cross profile query is allowed for the given uri * * @param uri Uri that we want to check. + * @param callingPackage Name of the client package that called CP2 in the other profile * @return True if cross profile query is allowed for this uri */ - public boolean isCrossProfileAllowed(@NonNull Uri uri) { + public boolean isCrossProfileAllowed(@NonNull Uri uri, @NonNull String callingPackage) { final int uriCode = sUriMatcher.match(uri); final UserHandle currentHandle = new UserHandle(UserUtils.getCurrentUserHandle(mContext)); - if (uriCode == -1 || currentHandle == null) { + if (uriCode == -1) { return false; } @@ -67,11 +75,14 @@ public class EnterprisePolicyGuard { return true; } - final boolean isCallerIdEnabled = !mDpm.getCrossProfileCallerIdDisabled(currentHandle); + final boolean isCallerIdEnabled = + mDpm.hasManagedProfileCallerIdAccess(currentHandle, callingPackage); final boolean isContactsSearchPolicyEnabled = - !mDpm.getCrossProfileContactsSearchDisabled(currentHandle); + mDpm.hasManagedProfileContactsAccess(currentHandle, callingPackage); final boolean isBluetoothContactSharingEnabled = !mDpm.getBluetoothContactSharingDisabled(currentHandle); + final boolean isManagedProfileEnabled = !UserUtils.getUserManager(mContext) + .isQuietModeEnabled(new UserHandle(UserUtils.getCorpUserId(mContext))); final boolean isContactRemoteSearchUserEnabled = isContactRemoteSearchUserSettingEnabled(); final String directory = uri.getQueryParameter(ContactsContract.DIRECTORY_PARAM_KEY); @@ -81,24 +92,34 @@ public class EnterprisePolicyGuard { Log.v(TAG, "isContactsSearchPolicyEnabled: " + isContactsSearchPolicyEnabled); Log.v(TAG, "isBluetoothContactSharingEnabled: " + isBluetoothContactSharingEnabled); Log.v(TAG, "isContactRemoteSearchUserEnabled: " + isContactRemoteSearchUserEnabled); + Log.v(TAG, "isManagedProfileEnabled: " + isManagedProfileEnabled); } // If it is a remote directory, it is allowed only when // (i) The uri supports directory // (ii) User enables it in settings + // (iii) The managed profile is enabled if (directory != null) { final long directoryId = Long.parseLong(directory); if (Directory.isRemoteDirectoryId(directoryId) && !(isCrossProfileDirectorySupported(uri) - && isContactRemoteSearchUserEnabled)) { + && isContactRemoteSearchUserEnabled + && isManagedProfileEnabled)) { return false; } } + final boolean isAllowedByCallerIdPolicy = isCallerIdGuarded(uriCode) && isCallerIdEnabled; + final boolean isAllowedByContactSearchPolicy = + isContactsSearchGuarded(uriCode) && isContactsSearchPolicyEnabled; + final boolean isAllowedByBluetoothSharingPolicy = + isBluetoothContactSharing(uriCode) && isBluetoothContactSharingEnabled + // Only allow apps with INTERACT_ACROSS_USERS to access the bluetooth APIs + && mPm.checkPermission(INTERACT_ACROSS_USERS, callingPackage) + == PERMISSION_GRANTED; // If either guard policy allows access, return true. - return (isCallerIdGuarded(uriCode) && isCallerIdEnabled) - || (isContactsSearchGuarded(uriCode) && isContactsSearchPolicyEnabled) - || (isBluetoothContactSharing(uriCode) && isBluetoothContactSharingEnabled); + return isAllowedByCallerIdPolicy || isAllowedByContactSearchPolicy + || isAllowedByBluetoothSharingPolicy; } private boolean isUriWhitelisted(int uriCode) { @@ -148,7 +169,9 @@ public class EnterprisePolicyGuard { switch (uriCode) { case ContactsProvider2.PHONE_LOOKUP_ENTERPRISE: case ContactsProvider2.EMAILS_LOOKUP_ENTERPRISE: + case ContactsProvider2.CONTACTS_ENTERPRISE: case ContactsProvider2.CONTACTS_FILTER_ENTERPRISE: + case ContactsProvider2.PHONES_ENTERPRISE: case ContactsProvider2.PHONES_FILTER_ENTERPRISE: case ContactsProvider2.CALLABLES_FILTER_ENTERPRISE: case ContactsProvider2.EMAILS_FILTER_ENTERPRISE: @@ -180,8 +203,10 @@ public class EnterprisePolicyGuard { switch(uriCode) { case ContactsProvider2.DIRECTORIES: case ContactsProvider2.DIRECTORIES_ID: + case ContactsProvider2.CONTACTS: case ContactsProvider2.CONTACTS_FILTER: case ContactsProvider2.CALLABLES_FILTER: + case ContactsProvider2.PHONES: case ContactsProvider2.PHONES_FILTER: case ContactsProvider2.EMAILS_FILTER: case ContactsProvider2.CONTACTS_ID_PHOTO: @@ -208,4 +233,5 @@ public class EnterprisePolicyGuard { mContext.getContentResolver(), MANAGED_PROFILE_CONTACT_REMOTE_SEARCH, 0) == 1; } + } |