Bind to screenshot service for current user.

jsharkey · jsharkey · commit 35744c19f6b4 · 2012-08-28T16:49:10.000-07:00
Let apps bindService() across user boundaries if they hold the
INTERACT_ACROSS_USERS_FULL permission.

Bug: 7012034
Change-Id: I2047d8318e1de47bfae7470d1dbc6fe5cfe44fdc
diff --git a/policy/src/com/android/internal/policy/impl/PhoneWindowManager.java b/policy/src/com/android/internal/policy/impl/PhoneWindowManager.java
@@ -3134,7 +3134,8 @@ public void handleMessage(Message msg) {
                 @Override
                 public void onServiceDisconnected(ComponentName name) {}
             };
-            if (mContext.bindService(intent, conn, Context.BIND_AUTO_CREATE)) {
+            if (mContext.bindService(
+                    intent, conn, Context.BIND_AUTO_CREATE, UserHandle.USER_CURRENT)) {
                 mScreenshotConnection = conn;
                 mHandler.postDelayed(mScreenshotTimeout, 10000);
             }
diff --git a/services/java/com/android/server/am/ActivityManagerService.java b/services/java/com/android/server/am/ActivityManagerService.java
@@ -10673,7 +10673,25 @@ public int bindService(IApplicationThread caller, IBinder token,
             throw new IllegalArgumentException("File descriptors passed in Intent");
         }
 
-        checkValidCaller(Binder.getCallingUid(), userId);
+        if (userId != UserHandle.getCallingUserId()) {
+            // Requesting a different user, make sure that they have permission
+            if (checkComponentPermission(
+                    android.Manifest.permission.INTERACT_ACROSS_USERS_FULL,
+                    Binder.getCallingPid(), Binder.getCallingUid(), -1, true)
+                    == PackageManager.PERMISSION_GRANTED) {
+                // Translate to the current user id, if caller wasn't aware
+                if (userId == UserHandle.USER_CURRENT) {
+                    userId = mCurrentUserId;
+                }
+            } else {
+                String msg = "Permission Denial: Request to bindService as user " + userId
+                        + " but is calling from user " + UserHandle.getCallingUserId()
+                        + "; this requires "
+                        + android.Manifest.permission.INTERACT_ACROSS_USERS_FULL;
+                Slog.w(TAG, msg);
+                throw new SecurityException(msg);
+            }
+        }
 
         synchronized(this) {
             return mServices.bindServiceLocked(caller, token, service, resolvedType,
