Revert "Honor app visibility when get MIME type from ContentProvider" (0796251f) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/am/ContentProviderHelper.java

+26 −40

Original line number	Diff line number	Diff line
		@@ -29,7 +29,6 @@ import static com.android.server.am.ActivityManagerDebugConfig.DEBUG_MU;
		import static com.android.server.am.ActivityManagerService.TAG_MU;
		import static com.android.server.am.ProcessProfileRecord.HOSTING_COMPONENT_TYPE_PROVIDER;

		import android.annotation.Nullable;
		import android.annotation.UserIdInt;
		import android.app.ActivityManager;
		import android.app.ActivityManagerInternal;
		@@ -49,6 +48,7 @@ import android.content.Intent;
		import android.content.pm.ApplicationInfo;
		import android.content.pm.PackageInfo;
		import android.content.pm.PackageManager;
		import android.content.pm.PackageManagerInternal;
		import android.content.pm.PathPermission;
		import android.content.pm.ProviderInfo;
		import android.content.pm.UserInfo;
		@@ -958,22 +958,20 @@ public class ContentProviderHelper {
		String getProviderMimeType(Uri uri, int userId) {
		mService.enforceNotIsolatedCaller("getProviderMimeType");
		final String name = uri.getAuthority();
		final int callingUid = Binder.getCallingUid();
		final int callingPid = Binder.getCallingPid();
		final int safeUserId = mService.mUserController.unsafeConvertIncomingUser(userId);
		final long ident = canClearIdentity(callingPid, callingUid, safeUserId)
		? Binder.clearCallingIdentity() : 0;
		final ContentProviderHolder holder;
		try {
		holder = getContentProviderExternalUnchecked(name, null, callingUid,
		"getmimetype", safeUserId);
		} finally {
		if (ident != 0) {
		Binder.restoreCallingIdentity(ident);
		}
		int callingUid = Binder.getCallingUid();
		int callingPid = Binder.getCallingPid();
		long ident = 0;
		boolean clearedIdentity = false;
		userId = mService.mUserController.unsafeConvertIncomingUser(userId);
		if (canClearIdentity(callingPid, callingUid, userId)) {
		clearedIdentity = true;
		ident = Binder.clearCallingIdentity();
		}
		ContentProviderHolder holder = null;
		try {
		if (isHolderVisibleToCaller(holder, callingUid, safeUserId)) {
		holder = getContentProviderExternalUnchecked(name, null, callingUid,
		"getmimetype", userId);
		if (holder != null) {
		final IBinder providerConnection = holder.connection;
		final ComponentName providerName = holder.info.getComponentName();
		// Note: creating a new Runnable instead of using a lambda here since lambdas in
		@@ -1002,13 +1000,15 @@ public class ContentProviderHelper {
		return null;
		} finally {
		// We need to clear the identity to call removeContentProviderExternalUnchecked
		final long token = Binder.clearCallingIdentity();
		if (!clearedIdentity) {
		ident = Binder.clearCallingIdentity();
		}
		try {
		if (holder != null) {
		removeContentProviderExternalUnchecked(name, null /* token */, safeUserId);
		removeContentProviderExternalUnchecked(name, null, userId);
		}
		} finally {
		Binder.restoreCallingIdentity(token);
		Binder.restoreCallingIdentity(ident);
		}
		}

		@@ -1027,20 +1027,12 @@ public class ContentProviderHelper {
		final int callingUid = Binder.getCallingUid();
		final int callingPid = Binder.getCallingPid();
		final int safeUserId = mService.mUserController.unsafeConvertIncomingUser(userId);
		final long ident = canClearIdentity(callingPid, callingUid, safeUserId)
		final long ident = canClearIdentity(callingPid, callingUid, userId)
		? Binder.clearCallingIdentity() : 0;
		final ContentProviderHolder holder;
		try {
		holder = getContentProviderExternalUnchecked(name, null /* token */,
		final ContentProviderHolder holder = getContentProviderExternalUnchecked(name, null,
		callingUid, "getmimetype", safeUserId);
		} finally {
		if (ident != 0) {
		Binder.restoreCallingIdentity(ident);
		}
		}

		try {
		if (isHolderVisibleToCaller(holder, callingUid, safeUserId)) {
		if (holder != null) {
		holder.provider.getTypeAsync(uri, new RemoteCallback(result -> {
		final long identity = Binder.clearCallingIdentity();
		try {
		@@ -1056,6 +1048,8 @@ public class ContentProviderHelper {
		} catch (RemoteException e) {
		Log.w(TAG, "Content provider dead retrieving " + uri, e);
		resultCallback.sendResult(Bundle.EMPTY);
		} finally {
		Binder.restoreCallingIdentity(ident);
		}
		}

		@@ -1071,16 +1065,6 @@ public class ContentProviderHelper {
		callingUid, -1, true) == PackageManager.PERMISSION_GRANTED;
		}

		private boolean isHolderVisibleToCaller(@Nullable ContentProviderHolder holder, int callingUid,
		@UserIdInt int userId) {
		if (holder == null \|\| holder.info == null) {
		return false;
		}

		return !mService.getPackageManagerInternal()
		.filterAppAccess(holder.info.packageName, callingUid, userId);
		}

		/**
		* Check if the calling UID has a possible chance at accessing the provider
		* at the given authority and user.
		@@ -1149,7 +1133,9 @@ public class ContentProviderHelper {
		"checkContentProviderUriPermission", userId);
		if (holder != null) {

		final AndroidPackage androidPackage = mService.getPackageManagerInternal()
		final PackageManagerInternal packageManagerInt = LocalServices.getService(
		PackageManagerInternal.class);
		final AndroidPackage androidPackage = packageManagerInt
		.getPackage(Binder.getCallingUid());
		if (androidPackage == null) {
		return PackageManager.PERMISSION_DENIED;