Fix canCurrentUserBlockUsers API for secondary users.

canCurrentUserBlockUsers should return gracefully for privileged apps instead of throwing UnsupportedOperationException. BUG: 27596508 Change-Id: I74310c7aeb4e2b3247014438b3e457777871a50c
author: Abhijith Shastry <ashastry@google.com> 2016-03-10 11:24:02 -0800
committer: Abhijith Shastry <ashastry@google.com> 2016-03-10 12:10:23 -0800
commit: a42ead888255f167b2d5dc405974bddd12d7695b (patch)
tree: 14161e2393e2c76558d18fa1a88ace3f82f43d93
parent: edc2a563e20f65192262fd72aca5d6d5db436082 (diff)
download: android_packages_providers_BlockedNumberProvider-a42ead888255f167b2d5dc405974bddd12d7695b.tar.gz
android_packages_providers_BlockedNumberProvider-a42ead888255f167b2d5dc405974bddd12d7695b.tar.bz2
android_packages_providers_BlockedNumberProvider-a42ead888255f167b2d5dc405974bddd12d7695b.zip
2 files changed, 95 insertions, 19 deletions
diff --git a/src/com/android/providers/blockednumber/BlockedNumberProvider.java b/src/com/android/providers/blockednumber/BlockedNumberProvider.java
index 69337cd..837a35a 100644
--- a/src/com/android/providers/blockednumber/BlockedNumberProvider.java
+++ b/src/com/android/providers/blockednumber/BlockedNumberProvider.java
@@ -109,7 +109,7 @@ public class BlockedNumberProvider extends ContentProvider {
 
     @Override
     public Uri insert(@NonNull Uri uri, @Nullable ContentValues values) {
-        enforceWritePermission();
+        enforceWritePermissionAndPrimaryUser();
 
         final int match = sUriMatcher.match(uri);
         switch (match) {
@@ -161,7 +161,7 @@ public class BlockedNumberProvider extends ContentProvider {
     @Override
     public int update(@NonNull Uri uri, @Nullable ContentValues values, @Nullable String selection,
             @Nullable String[] selectionArgs) {
-        enforceWritePermission();
+        enforceWritePermissionAndPrimaryUser();
 
         throw new UnsupportedOperationException(
                 "Update is not supported.  Use delete + insert instead");
@@ -170,7 +170,7 @@ public class BlockedNumberProvider extends ContentProvider {
     @Override
     public int delete(@NonNull Uri uri, @Nullable String selection,
             @Nullable String[] selectionArgs) {
-        enforceWritePermission();
+        enforceWritePermissionAndPrimaryUser();
 
         final int match = sUriMatcher.match(uri);
         int numRows;
@@ -218,7 +218,7 @@ public class BlockedNumberProvider extends ContentProvider {
     @Override
     public Cursor query(@NonNull Uri uri, @Nullable String[] projection, @Nullable String selection,
             @Nullable String[] selectionArgs, @Nullable String sortOrder) {
-        enforceReadPermission();
+        enforceReadPermissionAndPrimaryUser();
 
         return query(uri, projection, selection, selectionArgs, sortOrder, null);
     }
@@ -227,7 +227,7 @@ public class BlockedNumberProvider extends ContentProvider {
     public Cursor query(@NonNull Uri uri, @Nullable String[] projection, @Nullable String selection,
             @Nullable String[] selectionArgs, @Nullable String sortOrder,
             @Nullable CancellationSignal cancellationSignal) {
-        enforceReadPermission();
+        enforceReadPermissionAndPrimaryUser();
 
         final int match = sUriMatcher.match(uri);
         Cursor cursor;
@@ -286,7 +286,7 @@ public class BlockedNumberProvider extends ContentProvider {
         final Bundle res = new Bundle();
         switch (method) {
             case BlockedNumberContract.METHOD_IS_BLOCKED:
-                enforceReadPermission();
+                enforceReadPermissionAndPrimaryUser();
 
                 res.putBoolean(BlockedNumberContract.RES_NUMBER_IS_BLOCKED, isBlocked(arg));
                 break;
@@ -297,17 +297,17 @@ public class BlockedNumberProvider extends ContentProvider {
                         BlockedNumberContract.RES_CAN_BLOCK_NUMBERS, canCurrentUserBlockUsers());
                 break;
             case SystemContract.METHOD_NOTIFY_EMERGENCY_CONTACT:
-                enforceSystemWritePermission();
+                enforceSystemWritePermissionAndPrimaryUser();
 
                 notifyEmergencyContact();
                 break;
             case SystemContract.METHOD_END_BLOCK_SUPPRESSION:
-                enforceSystemWritePermission();
+                enforceSystemWritePermissionAndPrimaryUser();
 
                 endBlockSuppression();
                 break;
             case SystemContract.METHOD_GET_BLOCK_SUPPRESSION_STATUS:
-                enforceSystemReadPermission();
+                enforceSystemReadPermissionAndPrimaryUser();
 
                 SystemContract.BlockSuppressionStatus status = getBlockSuppressionStatus();
                 res.putBoolean(SystemContract.RES_IS_BLOCKING_SUPPRESSED, status.isSuppressed);
@@ -315,12 +315,12 @@ public class BlockedNumberProvider extends ContentProvider {
                         status.untilTimestampMillis);
                 break;
             case SystemContract.METHOD_SHOULD_SYSTEM_BLOCK_NUMBER:
-                enforceSystemReadPermission();
+                enforceSystemReadPermissionAndPrimaryUser();
                 res.putBoolean(
                         BlockedNumberContract.RES_NUMBER_IS_BLOCKED, shouldSystemBlockNumber(arg));
                 break;
             default:
-                enforceReadPermission();
+                enforceReadPermissionAndPrimaryUser();
 
                 throw new IllegalArgumentException("Unsupported method " + method);
         }
@@ -471,15 +471,22 @@ public class BlockedNumberProvider extends ContentProvider {
         checkForPermission(android.Manifest.permission.READ_BLOCKED_NUMBERS);
     }
 
-    private void enforceWritePermission() {
-        checkForPermission(android.Manifest.permission.WRITE_BLOCKED_NUMBERS);
+    private void enforceReadPermissionAndPrimaryUser() {
+        checkForPermissionAndPrimaryUser(android.Manifest.permission.READ_BLOCKED_NUMBERS);
     }
 
-    private void checkForPermission(String permission) {
+    private void enforceWritePermissionAndPrimaryUser() {
+        checkForPermissionAndPrimaryUser(android.Manifest.permission.WRITE_BLOCKED_NUMBERS);
+    }
+
+    private void checkForPermissionAndPrimaryUser(String permission) {
+        checkForPermission(permission);
         if (!canCurrentUserBlockUsers()) {
             throw new UnsupportedOperationException();
         }
+    }
 
+    private void checkForPermission(String permission) {
         boolean permitted = passesSystemPermissionCheck(permission)
                 || checkForPrivilegedApplications();
         if (!permitted) {
@@ -487,15 +494,15 @@ public class BlockedNumberProvider extends ContentProvider {
         }
     }
 
-    private void enforceSystemReadPermission() {
-        enforceSystemPermission(android.Manifest.permission.READ_BLOCKED_NUMBERS);
+    private void enforceSystemReadPermissionAndPrimaryUser() {
+        enforceSystemPermissionAndUser(android.Manifest.permission.READ_BLOCKED_NUMBERS);
     }
 
-    private void enforceSystemWritePermission() {
-        enforceSystemPermission(android.Manifest.permission.WRITE_BLOCKED_NUMBERS);
+    private void enforceSystemWritePermissionAndPrimaryUser() {
+        enforceSystemPermissionAndUser(android.Manifest.permission.WRITE_BLOCKED_NUMBERS);
     }
 
-    private void enforceSystemPermission(String permission) {
+    private void enforceSystemPermissionAndUser(String permission) {
         if (!canCurrentUserBlockUsers()) {
             throw new UnsupportedOperationException();
         }
diff --git a/tests/src/com/android/providers/blockednumber/BlockedNumberProviderTest.java b/tests/src/com/android/providers/blockednumber/BlockedNumberProviderTest.java
index 6839925..de6a096 100644
--- a/tests/src/com/android/providers/blockednumber/BlockedNumberProviderTest.java
+++ b/tests/src/com/android/providers/blockednumber/BlockedNumberProviderTest.java
@@ -447,6 +447,8 @@ public class BlockedNumberProviderTest extends AndroidTestCase {
     }
 
     public void testIsBlocked() {
+        assertTrue(BlockedNumberContract.canCurrentUserBlockNumbers(mMockContext));
+
         // Prepare test data
         insert(cv(BlockedNumbers.COLUMN_ORIGINAL_NUMBER, "123"));
         insert(cv(BlockedNumbers.COLUMN_ORIGINAL_NUMBER, "+1.2-3"));
@@ -487,6 +489,73 @@ public class BlockedNumberProviderTest extends AndroidTestCase {
         assertFalse(SystemContract.shouldSystemBlockNumber(mMockContext, emergencyNumber));
     }
 
+    public void testPrivilegedAppAccessingApisAsSecondaryUser() {
+        when(mMockContext.mUserManager.isPrimaryUser()).thenReturn(false);
+
+        assertFalse(BlockedNumberContract.canCurrentUserBlockNumbers(mMockContext));
+
+        try {
+            insert(cv(BlockedNumbers.COLUMN_ORIGINAL_NUMBER, "123"));
+            fail("UnsupportedOperationException expected");
+        } catch (UnsupportedOperationException expected) {
+        }
+
+        try {
+            mResolver.query(BlockedNumbers.CONTENT_URI, null, null, null, null);
+            fail("UnsupportedOperationException expected");
+        } catch (UnsupportedOperationException expected) {
+        }
+
+        try {
+            mResolver.delete(BlockedNumbers.CONTENT_URI, null, null);
+            fail("UnsupportedOperationException expected");
+        } catch (UnsupportedOperationException expected) {
+        }
+
+        try {
+            BlockedNumberContract.isBlocked(mMockContext, "123");
+            fail("UnsupportedOperationException expected");
+        } catch (UnsupportedOperationException expected) {
+        }
+    }
+
+    public void testRegularAppAccessingApisAsSecondaryUser() {
+        when(mMockContext.mUserManager.isPrimaryUser()).thenReturn(false);
+        doReturn(PackageManager.PERMISSION_DENIED)
+                .when(mMockContext).checkCallingPermission(anyString());
+
+        try {
+            BlockedNumberContract.canCurrentUserBlockNumbers(mMockContext);
+            fail("SecurityException expected");
+        } catch (SecurityException expected) {
+        }
+
+
+        try {
+            insert(cv(BlockedNumbers.COLUMN_ORIGINAL_NUMBER, "123"));
+            fail("SecurityException expected");
+        } catch (SecurityException expected) {
+        }
+
+        try {
+            mResolver.query(BlockedNumbers.CONTENT_URI, null, null, null, null);
+            fail("SecurityException expected");
+        } catch (SecurityException expected) {
+        }
+
+        try {
+            mResolver.delete(BlockedNumbers.CONTENT_URI, null, null);
+            fail("SecurityException expected");
+        } catch (SecurityException expected) {
+        }
+
+        try {
+            BlockedNumberContract.isBlocked(mMockContext, "123");
+            fail("SecurityException expected");
+        } catch (SecurityException expected) {
+        }
+    }
+
     private void assertIsBlocked(boolean expected, String phoneNumber) {
         assertEquals(expected, BlockedNumberContract.isBlocked(mMockContext, phoneNumber));
     }
author	Abhijith Shastry <ashastry@google.com>	2016-03-10 11:24:02 -0800
committer	Abhijith Shastry <ashastry@google.com>	2016-03-10 12:10:23 -0800
commit	a42ead888255f167b2d5dc405974bddd12d7695b (patch)
tree	14161e2393e2c76558d18fa1a88ace3f82f43d93
parent	edc2a563e20f65192262fd72aca5d6d5db436082 (diff)
download	android_packages_providers_BlockedNumberProvider-a42ead888255f167b2d5dc405974bddd12d7695b.tar.gz android_packages_providers_BlockedNumberProvider-a42ead888255f167b2d5dc405974bddd12d7695b.tar.bz2 android_packages_providers_BlockedNumberProvider-a42ead888255f167b2d5dc405974bddd12d7695b.zip