Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 710d720d authored by Patrick Baumann's avatar Patrick Baumann
Browse files

Grants visibility on uri permission grant 

When permission is granted to another app via URI, we implicitly grant
visibility to that app of the app ID that that URI resolves to.

Test: atest AppSecurityTests
Fixes: 149781706
Fixes: 145677500
Exempt-From-Owner-Approval: Owner approved prior to cherry-pick
Change-Id: I7c8967a4464fd821e4f95d8eb6c0bcfadadb912e
parent 23c81a15

services/core/java/android/content/pm/PackageManagerInternal.java

+14 −6
Original line number Diff line number Diff line
@@ -458,8 +458,8 @@ public abstract class PackageManagerInternal { 
            Bundle verificationBundle, int userId);



    /**

     * Grants implicit access based on an interaction between two apps. This grants the target app

     * access to the calling application's package metadata.

     * Grants implicit access based on an interaction between two apps. This grants access to the

     * from one application to the other's package metadata.

     * <p>

     * When an application explicitly tries to interact with another application [via an

     * activity, service or provider that is either declared in the caller's
@@ -468,14 +468,22 @@ public abstract class PackageManagerInternal { 
     * metadata about the calling app. If the calling application uses an implicit intent [ie

     * action VIEW, category BROWSABLE], it remains hidden from the launched app.

     * <p>

     * If an interaction is not explicit, the {@code direct} argument should be set to false as

     * visibility should not be granted in some cases. This method handles that logic.

     * <p>

     * @param userId the user

     * @param intent the intent that triggered the grant

     * @param callingUid The uid of the calling application

     * @param targetAppId The app ID of the target application

     * @param recipientAppId The app ID of the application that is being given access to {@code

     *                       visibleUid}

     * @param visibleUid The uid of the application that is becoming accessible to {@code

     *                   recipientAppId}

     * @param direct true if the access is being made due to direct interaction between visibleUid

     *               and recipientAppId.

     */

    public abstract void grantImplicitAccess(

            @UserIdInt int userId, Intent intent, int callingUid,

            @AppIdInt int targetAppId);

            @UserIdInt int userId, Intent intent,

            @AppIdInt int recipientAppId, int visibleUid,

            boolean direct);



    public abstract boolean isInstantAppInstallerComponent(ComponentName component);

    /**

services/core/java/com/android/server/am/ActivityManagerService.java

+2 −2
Original line number Diff line number Diff line
@@ -6285,9 +6285,9 @@ public class ActivityManagerService extends IActivityManager.Stub 
    }















    @VisibleForTesting













    public void grantImplicitAccess(int userId, Intent intent, int callingUid, int targetAppId) {













    public void grantImplicitAccess(int userId, Intent intent, int visibleUid, int recipientAppId) {















        getPackageManagerInternalLocked().













                grantImplicitAccess(userId, intent, callingUid, targetAppId);













                grantImplicitAccess(userId, intent, recipientAppId, visibleUid, true /*direct*/);















    }





























    /**

































services/core/java/com/android/server/pm/AppsFilter.java



+6
−7




























Original line number
Diff line number
Diff line








@@ -354,14 +354,13 @@ public class AppsFilter {













     * Grants access based on an interaction between a calling and target package, granting















     * visibility of the caller from the target.















     *













     * @param callingUid the uid initiating the interaction













     * @param targetUid  the uid being interacted with and thus gaining visibility of the













     *                   initiating uid.













     * @param recipientUid the uid gaining visibility of the {@code visibleUid}.













     * @param visibleUid the uid becoming visible to the {@recipientUid}















     */













    public void grantImplicitAccess(int callingUid, int targetUid) {













        if (targetUid != callingUid













                && mImplicitlyQueryable.add(targetUid, callingUid) && DEBUG_LOGGING) {













            Slog.wtf(TAG, "implicit access granted: " + targetUid + " -> " + callingUid);













    public void grantImplicitAccess(int recipientUid, int visibleUid) {













        if (recipientUid != visibleUid













                && mImplicitlyQueryable.add(recipientUid, visibleUid) && DEBUG_LOGGING) {













            Slog.wtf(TAG, "implicit access granted: " + recipientUid + " -> " + visibleUid);















        }















    }

















































services/core/java/com/android/server/pm/InstantAppRegistry.java



+4
−4




























Original line number
Diff line number
Diff line








@@ -403,7 +403,7 @@ class InstantAppRegistry {





























    @GuardedBy("mService.mLock")















    public void grantInstantAccessLPw(@UserIdInt int userId, @Nullable Intent intent,













            int instantAppId, int targetAppId) {













            int recipientUid, int instantAppId) {















        if (mInstalledInstantAppUids == null) {















            return;     // no instant apps installed; no need to grant















        }









@@ -411,7 +411,7 @@ class InstantAppRegistry {













        if (instantAppList == null || !instantAppList.get(instantAppId)) {















            return;     // instant app id isn't installed; no need to grant















        }













        if (instantAppList.get(targetAppId)) {













        if (instantAppList.get(recipientUid)) {















            return;     // target app id is an instant app; no need to grant















        }















        if (intent != null && Intent.ACTION_VIEW.equals(intent.getAction())) {









@@ -428,10 +428,10 @@ class InstantAppRegistry {













            targetAppList = new SparseArray<>();















            mInstantGrants.put(userId, targetAppList);















        }













        SparseBooleanArray instantGrantList = targetAppList.get(targetAppId);













        SparseBooleanArray instantGrantList = targetAppList.get(recipientUid);















        if (instantGrantList == null) {















            instantGrantList = new SparseBooleanArray();













            targetAppList.put(targetAppId, instantGrantList);













            targetAppList.put(recipientUid, instantGrantList);















        }















        instantGrantList.put(instantAppId, true /*granted*/);















    }

































services/core/java/com/android/server/pm/PackageManagerService.java



+14
−9




























Original line number
Diff line number
Diff line








@@ -23566,22 +23566,27 @@ public class PackageManagerService extends IPackageManager.Stub



























        @Override















        public void grantImplicitAccess(int userId, Intent intent,













                int callingUid, int targetAppId) {













                int recipientAppId, int visibleUid, boolean direct) {















            synchronized (mLock) {













                final AndroidPackage callingPackage = getPackage(callingUid);













                final int targetUid = UserHandle.getUid(userId, targetAppId);













                final AndroidPackage targetPackage = getPackage(targetUid);













                if (callingPackage == null || targetPackage == null) {













                final AndroidPackage visiblePackage = getPackage(visibleUid);













                final int recipientUid = UserHandle.getUid(userId, recipientAppId);













                if (visiblePackage == null || getPackage(recipientUid) == null) {















                    return;















                }



























                final boolean instantApp = isInstantAppInternal(callingPackage.getPackageName(),













                        userId, callingUid);













                final boolean instantApp =













                        isInstantAppInternal(visiblePackage.getPackageName(), userId, visibleUid);















                if (instantApp) {













                    if (!direct) {













                        // if the interaction that lead to this granting access to an instant app













                        // was indirect (i.e.: URI permission grant), do not actually execute the













                        // grant.













                        return;













                    }















                    mInstantAppRegistry.grantInstantAccessLPw(userId, intent,













                            UserHandle.getAppId(callingUid), targetAppId);













                            recipientAppId, UserHandle.getAppId(visibleUid) /*instantAppId*/);















                } else {













                    mAppsFilter.grantImplicitAccess(callingUid, targetUid);













                    mAppsFilter.grantImplicitAccess(recipientUid, visibleUid);















                }















            }















        }