Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 31e48615 authored by Jeff Sharkey's avatar Jeff Sharkey Committed by WolfEnders
Browse files

DO NOT MERGE. Persistable Uri grants still require permissions. 

When FLAG_GRANT_PERSISTABLE_URI_PERMISSION is requested, we still
need to check permissions between the source and target packages,
instead of shortcutting past them.

The spirit of the original change is remains intact: if the caller
requested FLAG_GRANT_PERSISTABLE_URI_PERMISSION, then we avoid
returning "-1", which would prevent the grant data structure from
being allocated.

Bug: 111934948
Test: atest android.appsecurity.cts.AppSecurityTests
Change-Id: Ief0fc922aa09fc3d9bb6a126c2ff5855347cd030
Merged-In: Ief0fc922aa09fc3d9bb6a126c2ff5855347cd030
(cherry picked from commit d6a6e712)
parent e435d44a

services/java/com/android/server/am/ActivityManagerService.java

+15 −2
Original line number Diff line number Diff line
@@ -6190,13 +6190,26 @@ public final class ActivityManagerService extends ActivityManagerNative 
            }

        }









        // Figure out the value returned when access is allowed









        final int allowedResult;









        if ((modeFlags & Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION) != 0) {









            // If we're extending a persistable grant, then we need to return









            // "targetUid" so that we always create a grant data structure to









            // support take/release APIs









            allowedResult = targetUid;









        } else {









            // Otherwise, we can return "-1" to indicate that no grant data









            // structures need to be created









            allowedResult = -1;









        }

















        if (targetUid >= 0) {









            // First...  does the target actually need this permission?









            if (checkHoldingPermissionsLocked(pm, pi, uri, targetUid, modeFlags)) {









                // No need to grant the target this permission.









                if (DEBUG_URI_PERMISSION) Slog.v(TAG,









                        "Target " + targetPkg + " already has full permission to " + uri);









                return -1;









                return allowedResult;









            }









        } else {









            // First...  there is no target package, so can anyone access it?








@@ -6212,7 +6225,7 @@ public final class ActivityManagerService extends ActivityManagerNative







                }









            }









            if (allowed) {









                return -1;









                return allowedResult;









            }









        }