Merge "Add EXTRA_STREAM to requireContentUriPermissionFromCaller" into main

             {@link java.lang.SecurityException}.

             <p> Note that the enforcement works for content URIs inside

             {@link android.content.Intent#getData} and {@link android.content.Intent#getClipData}.

             {@link android.content.Intent#getData}, {@link android.content.Intent#EXTRA_STREAM},

             and {@link android.content.Intent#getClipData}.

             @FlaggedApi("android.security.content_uri_permission_apis") -->

        <attr name="requireContentUriPermissionFromCaller" format="string">

            <!-- Default, no specific permissions are required. -->

import android.content.pm.PathPermission;

import android.content.pm.ProviderInfo;

import android.net.Uri;

import android.os.BadParcelableException;

import android.os.Binder;

import android.os.Handler;

import android.os.IBinder;

        if (intent == null) {

            return null;

        }

        Uri data = intent.getData();

        ClipData clip = intent.getClipData();

        if (data == null && clip == null) {

            return null;

        }

        // Default userId for uris in the intent (if they don't specify it themselves)

        int contentUserHint = intent.getContentUserHint();

        if (contentUserHint == UserHandle.USER_CURRENT) {

            contentUserHint = UserHandle.getUserId(callingUid);

        }

        if (android.security.Flags.contentUriPermissionApis()) {

            enforceRequireContentUriPermissionFromCallerOnIntentExtraStream(intent, contentUserHint,

                    mode, callingUid, requireContentUriPermissionFromCaller);

        }

        Uri data = intent.getData();

        ClipData clip = intent.getClipData();

        if (data == null && clip == null) {

            return null;

        }

        int targetUid;

        if (needed != null) {

            targetUid = needed.targetUid;

        }

    }

    private void enforceRequireContentUriPermissionFromCallerOnIntentExtraStream(Intent intent,

            int contentUserHint, int mode, int callingUid,

            @RequiredContentUriPermission Integer requireContentUriPermissionFromCaller) {

        try {

            final Uri uri = intent.getParcelableExtra(Intent.EXTRA_STREAM, Uri.class);

            if (uri != null) {

                final GrantUri grantUri = GrantUri.resolve(contentUserHint, uri, mode);

                enforceRequireContentUriPermissionFromCaller(

                        requireContentUriPermissionFromCaller, grantUri, callingUid);

            }

        } catch (BadParcelableException e) {

            Slog.w(TAG, "Failed to unparcel an URI in EXTRA_STREAM, skipping"

                    + " requireContentUriPermissionFromCaller: " + e);

        }

        try {

            final ArrayList<Uri> uris = intent.getParcelableArrayListExtra(Intent.EXTRA_STREAM,

                    Uri.class);

            if (uris != null) {

                for (int i = uris.size() - 1; i >= 0; i--) {

                    final GrantUri grantUri = GrantUri.resolve(contentUserHint, uris.get(i), mode);

                    enforceRequireContentUriPermissionFromCaller(

                            requireContentUriPermissionFromCaller, grantUri, callingUid);

                }

            }

        } catch (BadParcelableException e) {

            Slog.w(TAG, "Failed to unparcel an ArrayList of URIs in EXTRA_STREAM, skipping"

                    + " requireContentUriPermissionFromCaller: " + e);

        }

    }

    @GuardedBy("mLock")

    private void readGrantedUriPermissionsLocked() {

        if (DEBUG) Slog.v(TAG, "readGrantedUriPermissions()");