Revert "Allow privileged apps to query contact provider across user"

This reverts commit 6c1fbf2ed96fc62e5e1ece28e8cd8a973174fa84.

Reason for revert: change breaks CTS.

Bug: 138781676
Change-Id: Iacba9efe43eef053acab7e46d2e7c1caedb51802

1 files changed, 8 insertions, 23 deletions

diff --git a/src/com/android/providers/contacts/ContactsProvider2.java b/src/com/android/providers/contacts/ContactsProvider2.java
index c43cc1ed..02c8bf00 100644
--- a/src/com/android/providers/contacts/ContactsProvider2.java
+++ b/src/com/android/providers/contacts/ContactsProvider2.java
@@ -16,10 +16,6 @@
 
 package com.android.providers.contacts;
 
-import static android.content.pm.PackageManager.PERMISSION_GRANTED;
-import static android.Manifest.permission.INTERACT_ACROSS_USERS;
-import static android.Manifest.permission.INTERACT_ACROSS_USERS_FULL;
-
 import android.accounts.Account;
 import android.accounts.AccountManager;
 import android.accounts.OnAccountsUpdateListener;
@@ -218,6 +214,7 @@ public class ContactsProvider2 extends AbstractContactsProvider
 
     private static final String READ_PERMISSION = "android.permission.READ_CONTACTS";
     private static final String WRITE_PERMISSION = "android.permission.WRITE_CONTACTS";
+    private static final String INTERACT_ACROSS_USERS = "android.permission.INTERACT_ACROSS_USERS";
 
 
     /* package */ static final String PHONEBOOK_COLLATOR_NAME = "PHONEBOOK";
@@ -5457,13 +5454,9 @@ public class ContactsProvider2 extends AbstractContactsProvider
             return null;
         }
 
-        // If caller does not come from same profile, Check if it's privileged or allowed by
-        // enterprise policy
-        if (!isCallerFromSameUser()) {
-            if (!callerHoldsInteractAcrossUserPermission()
-                    && !mEnterprisePolicyGuard.isCrossProfileAllowed(uri)) {
-                return createEmptyCursor(uri, projection);
-            }
+        // Check enterprise policy if caller does not come from same profile
+        if (!(isCallerFromSameUser() || mEnterprisePolicyGuard.isCrossProfileAllowed(uri))) {
+            return createEmptyCursor(uri, projection);
         }
         // Query the profile DB if appropriate.
         if (mapsToProfileDb(uri)) {
@@ -5489,12 +5482,6 @@ public class ContactsProvider2 extends AbstractContactsProvider
                 .getCurrentUserHandle(getContext());
     }
 
-    private boolean callerHoldsInteractAcrossUserPermission() {
-        final Context context = getContext();
-        return context.checkCallingPermission(INTERACT_ACROSS_USERS_FULL) == PERMISSION_GRANTED
-                || context.checkCallingPermission(INTERACT_ACROSS_USERS) == PERMISSION_GRANTED;
-    }
-
     private Cursor queryDirectoryIfNecessary(Uri uri, String[] projection, String selection,
             String[] selectionArgs, String sortOrder, CancellationSignal cancellationSignal) {
         String directory = getQueryParameter(uri, ContactsContract.DIRECTORY_PARAM_KEY);
@@ -8538,12 +8525,10 @@ public class ContactsProvider2 extends AbstractContactsProvider
             if (!isDirectoryParamValid(uri)){
                 return null;
             }
-            if (!isCallerFromSameUser()) { /* From differnt user */
-                if (!callerHoldsInteractAcrossUserPermission() /* no cross user permission */
-                        && !mEnterprisePolicyGuard.isCrossProfileAllowed(uri)
-                        /* Policy not allowed */){
-                    return null;
-                }
+            if (!isCallerFromSameUser() /* From differnt user */
+                    && !mEnterprisePolicyGuard.isCrossProfileAllowed(uri)
+                    /* Policy not allowed */){
+                return null;
             }
             waitForAccess(mode.equals("r") ? mReadAccessLatch : mWriteAccessLatch);
             final AssetFileDescriptor ret;