SecurityException on EMM device when focusing EditText in work profile after taking screenshot in private profile

Precondition:

  • Samsung Tablet SM-T595 with Android 10
  • Tablet is enrolled in EMM (can be simulated with Test DPC)

Steps to reproduce the bug:

  • Open an app within your private profile and take a screenshot (gets automatically saved to the clipboard).
  • Open an app within your work profile and touch any EditText to give it focus.

Expected behaviour:

  • The EditText should be focused with the keyboard coming up.
  • The app should not crash.

Actual behaviour:

The app crashes with the following exception:

Uncaught exception thrown in the UI: java.lang.SecurityException: No access to content://com.sec.android.semclipboardprovider/images: neither user 1010241 nor current process has android.permission.INTERACT_ACROSS_USERS_FULL or android.permission.INTERACT_ACROSS_USERS
at android.os.Parcel.createException(Parcel.java:2088)
at android.os.Parcel.readException(Parcel.java:2056)
at android.os.Parcel.readException(Parcel.java:2004)
at android.sec.clipboard.IClipboardService$Stub$Proxy.getClipData(IClipboardService.java:959)
at com.samsung.android.content.clipboard.SemClipboardManager.getLatestClip(SemClipboardManager.java:609)
at android.widget.EditText.updateClipboardFilter(EditText.java:316)
at android.view.inputmethod.InputMethodManager.startInputInner(InputMethodManager.java:2131)
... 

The SecurityException gets thrown when clipboard data is fetched in response to focusing the EditText. Focusing the EditText results in a call to updateClipboardFilter(), which in turn fetches the data that is currently saved in the clipboard. This is probably done to show the correct options to the user when they want to paste something from the clipboard.

The problem seems to be that the clipboard data which has been saved to the clipboard from an app in the private profile is being accessed by an app in the work profile. Samsung’s clipboard service does not seem to properly handle exchanging clipboard data between users with different profile types.

8 Likes

My app also get same crash, when i have checked crash logs, can you please help me to solve this crash issue.

1 Like

I’ve doing quite a bit of troubleshooting to reproduce this bug and have found no mitigation for it. Samsung apparently has fixed it in Android 11, but it’s a problem on Android 10 for our Note 9 phones.

Pre-requisites: Samsung Note 9, Android 10

  1. Install Test DPC (BasicManagedProfile sample app) simulated Work profile
  2. In Android Studio, create a new Android project using Empty Activity
    template
  3. Change the example Hello World TextView to an EditText control in the
    activity_main.xml layout
  4. Build the APK
  5. Use adb to install APK on your device manually (should show up in both
    Personal and Work profiles)
  6. Launch the version in the Work profile
  7. Take a screenshot (saves image on system clipboard)
  8. Crash
  9. Crash will repeat until you remove or replace the inaccessible image from
    your clipboard (either use the system clipboard manager in the keyboard, or just go copy some text)

You don’t even have to take the screenshot from the Personal profile. Since taking a screenshot can happen with a full-screen swipe gesture, some users may not even be aware they have taken one and the inaccessible image Uri is persisting in their clipboard.

How do we report this to Samsung?