packages/SystemUI/src/com/android/systemui/media/RingtonePlayer.java +37 −23 @@ -119,6 +119,7 @@ public class RingtonePlayer implements CoreStartable { throws RemoteException { playWithVolumeShaping(token, uri, aa, volume, looping, null); } @Override public void playWithVolumeShaping(IBinder token, Uri uri, AudioAttributes aa, float volume, boolean looping, @Nullable VolumeShaper.Configuration volumeShaperConfig) @@ -127,7 +128,7 @@ public class RingtonePlayer implements CoreStartable { Log.d(TAG, "play(token=" + token + ", uri=" + uri + ", uid=" + Binder.getCallingUid() + ")"); } enforceUriUserId(uri); enforceUriUserId(uri, token); Client client; synchronized (mClients) { @@ -210,7 +211,7 @@ public class RingtonePlayer implements CoreStartable { @Override public String getTitle(Uri uri) { enforceUriUserId(uri); enforceUriUserId(uri, null /*clientToken*/); final UserHandle user = Binder.getCallingUserHandle(); return Ringtone.getTitle(getContextForUser(user), uri, false /*followSettingsUri*/, false /*allowRemote*/); @@ -218,7 +219,7 @@ public class RingtonePlayer implements CoreStartable { @Override public ParcelFileDescriptor openRingtone(Uri uri) { enforceUriUserId(uri); enforceUriUserId(uri, null /*clientToken*/); final UserHandle user = Binder.getCallingUserHandle(); final ContentResolver resolver = getContextForUser(user).getContentResolver();
@@ -244,29 +245,42 @@ public class RingtonePlayer implements CoreStartable { } throw new SecurityException("Uri is not ringtone, alarm, or notification: " + uri); } }; /** * Must be called from the Binder calling thread. * Ensures caller is from the same userId as the content they're trying to access. * * @param uri the URI to check * @throws SecurityException when in a non-system call and userId in uri differs from the * @param clientToken the Client token used for the current query, null if not available * in the query (expected from calls other than the play* methods) * @throws SecurityException when in a non-system call and userId in uri differs * from the * caller's userId */ private void enforceUriUserId(Uri uri) throws SecurityException { private void enforceUriUserId(Uri uri, @Nullable IBinder clientToken) throws SecurityException { final int uriUserId = ContentProvider.getUserIdFromUri(uri, UserHandle.myUserId()); // for a non-system call, verify the URI to play belongs to the same user as the caller if (UserHandle.isApp(Binder.getCallingUid()) && (UserHandle.myUserId() != uriUserId)) { final String errorMessage = "Illegal access to uri=" + uri final int uid = Binder.getCallingUid(); final int pid = Binder.getCallingPid(); if (UserHandle.isApp(uid) && (UserHandle.myUserId() != uriUserId)) { final String errorMessage = "Illegal access by uid:" + uid + " pid:" + pid + " to uri=" + uri + " content associated with user=" + uriUserId + ", current userID: " + UserHandle.myUserId(); + ", current userID=" + UserHandle.myUserId(); if (android.media.audio.Flags.ringtoneUserUriCheck()) { if (clientToken != null) { // this client is accessing URIs it shouldn't access, stop it (which also // removes it from mClients in the outer class) stop(clientToken); } throw new SecurityException(errorMessage); } else { Log.e(TAG, errorMessage, new Exception()); } } } }; private Context getContextForUser(UserHandle user) { try {
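Review bot: In enforceUriUserId (the @@ -244 hunk) the Javadoc promises a comparison against the caller's userId, but the condition is still `UserHandle.myUserId() != uriUserId`, and myUserId() is the user of the process running this code rather than of the Binder caller. The two can differ when the caller belongs to another user or profile, so the check may not enforce what the comment documents; this is inferred from the visible lines only, since the callers' user setup is outside the page. If the caller's user is what is meant, derive it from the uid that is already read, `final int callerUserId = UserHandle.getUserId(uid);`, and use that value both in the comparison and as the default passed to `ContentProvider.getUserIdFromUri(uri, callerUserId)`. Otherwise the `@throws` text should say that the URI is checked against the user this service runs as. The Javadoc would also benefit from one sentence stating that a non-null clientToken causes that client to be stopped before the SecurityException is thrown, and that with `ringtoneUserUriCheck()` off the mismatch is only logged.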
packages/SystemUI/src/com/android/systemui/media/RingtonePlayer.java +37 −23 @@ -119,6 +119,7 @@ public class RingtonePlayer implements CoreStartable { throws RemoteException { playWithVolumeShaping(token, uri, aa, volume, looping, null); } @Override public void playWithVolumeShaping(IBinder token, Uri uri, AudioAttributes aa, float volume, boolean looping, @Nullable VolumeShaper.Configuration volumeShaperConfig) @@ -127,7 +128,7 @@ public class RingtonePlayer implements CoreStartable { Log.d(TAG, "play(token=" + token + ", uri=" + uri + ", uid=" + Binder.getCallingUid() + ")"); } enforceUriUserId(uri); enforceUriUserId(uri, token); Client client; synchronized (mClients) { @@ -210,7 +211,7 @@ public class RingtonePlayer implements CoreStartable { @Override public String getTitle(Uri uri) { enforceUriUserId(uri); enforceUriUserId(uri, null /*clientToken*/); final UserHandle user = Binder.getCallingUserHandle(); return Ringtone.getTitle(getContextForUser(user), uri, false /*followSettingsUri*/, false /*allowRemote*/); @@ -218,7 +219,7 @@ public class RingtonePlayer implements CoreStartable { @Override public ParcelFileDescriptor openRingtone(Uri uri) { enforceUriUserId(uri); enforceUriUserId(uri, null /*clientToken*/); final UserHandle user = Binder.getCallingUserHandle(); final ContentResolver resolver = getContextForUser(user).getContentResolver();
@@ -244,29 +245,42 @@ public class RingtonePlayer implements CoreStartable { } throw new SecurityException("Uri is not ringtone, alarm, or notification: " + uri); } }; /** * Must be called from the Binder calling thread. * Ensures caller is from the same userId as the content they're trying to access. * * @param uri the URI to check * @throws SecurityException when in a non-system call and userId in uri differs from the * @param clientToken the Client token used for the current query, null if not available * in the query (expected from calls other than the play* methods) * @throws SecurityException when in a non-system call and userId in uri differs * from the * caller's userId */ private void enforceUriUserId(Uri uri) throws SecurityException { private void enforceUriUserId(Uri uri, @Nullable IBinder clientToken) throws SecurityException { final int uriUserId = ContentProvider.getUserIdFromUri(uri, UserHandle.myUserId()); // for a non-system call, verify the URI to play belongs to the same user as the caller if (UserHandle.isApp(Binder.getCallingUid()) && (UserHandle.myUserId() != uriUserId)) { final String errorMessage = "Illegal access to uri=" + uri final int uid = Binder.getCallingUid(); final int pid = Binder.getCallingPid(); if (UserHandle.isApp(uid) && (UserHandle.myUserId() != uriUserId)) { final String errorMessage = "Illegal access by uid:" + uid + " pid:" + pid + " to uri=" + uri + " content associated with user=" + uriUserId + ", current userID: " + UserHandle.myUserId(); + ", current userID=" + UserHandle.myUserId(); if (android.media.audio.Flags.ringtoneUserUriCheck()) { if (clientToken != null) { // this client is accessing URIs it shouldn't access, stop it (which also // removes it from mClients in the outer class) stop(clientToken); } throw new SecurityException(errorMessage); } else { Log.e(TAG, errorMessage, new Exception()); } } } }; private Context getContextForUser(UserHandle user) { try {