Merge "No direct Uri grants from system." (78d6e340) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/am/ActivityManagerService.java

+6 −1

Original line number	Original line	Diff line number	Diff line
	@@ -8103,7 +8103,12 @@ public class ActivityManagerService extends IActivityManager.Stub

	// Third... does the caller itself have permission to access		// Third... does the caller itself have permission to access
	// this uri?		// this uri?
	if (UserHandle.getAppId(callingUid) != Process.SYSTEM_UID) {		final int callingAppId = UserHandle.getAppId(callingUid);
			if ((callingAppId == Process.SYSTEM_UID) \|\| (callingAppId == Process.ROOT_UID)) {
			Slog.w(TAG, "For security reasons, the system cannot issue a Uri permission"
			+ " grant to " + grantUri + "; use startActivityAsCaller() instead");
			return -1;
			} else {
	if (!checkHoldingPermissionsLocked(pm, pi, grantUri, callingUid, modeFlags)) {		if (!checkHoldingPermissionsLocked(pm, pi, grantUri, callingUid, modeFlags)) {
	// Require they hold a strong enough Uri permission		// Require they hold a strong enough Uri permission
	if (!checkUriPermissionLocked(grantUri, callingUid, modeFlags)) {		if (!checkUriPermissionLocked(grantUri, callingUid, modeFlags)) {