Loading services/core/java/com/android/server/MmsServiceBroker.java +10 −6 Original line number Diff line number Diff line Loading @@ -45,6 +45,7 @@ import android.telephony.TelephonyManager; import android.util.Slog; import com.android.internal.telephony.IMms; import com.android.server.uri.NeededUriGrants; import com.android.server.uri.UriGrantsManagerInternal; import java.util.List; Loading Loading @@ -512,9 +513,11 @@ public class MmsServiceBroker extends SystemService { long token = Binder.clearCallingIdentity(); try { LocalServices.getService(UriGrantsManagerInternal.class) .grantUriPermissionFromIntent(callingUid, PHONE_PACKAGE_NAME, grantIntent, UserHandle.USER_SYSTEM); final UriGrantsManagerInternal ugm = LocalServices .getService(UriGrantsManagerInternal.class); final NeededUriGrants needed = ugm.checkGrantUriPermissionFromIntent( grantIntent, callingUid, PHONE_PACKAGE_NAME, UserHandle.USER_SYSTEM); ugm.grantUriPermissionUncheckedFromIntent(needed, null); // Grant permission for the carrier app. Intent intent = new Intent(action); Loading @@ -524,9 +527,10 @@ public class MmsServiceBroker extends SystemService { .getCarrierPackageNamesForIntentAndPhone( intent, getPhoneIdFromSubId(subId)); if (carrierPackages != null && carrierPackages.size() == 1) { LocalServices.getService(UriGrantsManagerInternal.class) .grantUriPermissionFromIntent(callingUid, carrierPackages.get(0), grantIntent, UserHandle.USER_SYSTEM); final NeededUriGrants carrierNeeded = ugm.checkGrantUriPermissionFromIntent( grantIntent, callingUid, carrierPackages.get(0), UserHandle.USER_SYSTEM); ugm.grantUriPermissionUncheckedFromIntent(carrierNeeded, null); } } finally { Binder.restoreCallingIdentity(token); Loading services/core/java/com/android/server/am/ActiveServices.java +1 −1 Original line number Diff line number Diff line Loading @@ -590,7 +590,7 @@ public final class ActiveServices { } NeededUriGrants neededGrants = mAm.mUgmInternal.checkGrantUriPermissionFromIntent( callingUid, r.packageName, service, service.getFlags(), null, r.userId); service, callingUid, r.packageName, r.userId); // If permissions need a review before any of the app components can run, // we do not start the service and launch a review activity if the calling app Loading services/core/java/com/android/server/am/ActivityManagerService.java +8 −5 Original line number Diff line number Diff line Loading @@ -365,6 +365,7 @@ import com.android.server.job.JobSchedulerInternal; import com.android.server.pm.Installer; import com.android.server.pm.permission.PermissionManagerServiceInternal; import com.android.server.uri.GrantUri; import com.android.server.uri.NeededUriGrants; import com.android.server.uri.UriGrantsManagerInternal; import com.android.server.utils.PriorityDump; import com.android.server.utils.TimingsTraceAndSlog; Loading Loading @@ -6511,17 +6512,19 @@ public class ActivityManagerService extends IActivityManager.Stub if (targetPkg == null) { throw new IllegalArgumentException("null target"); } if (grantUri == null) { throw new IllegalArgumentException("null uri"); } Preconditions.checkFlagsArgument(modeFlags, Intent.FLAG_GRANT_READ_URI_PERMISSION | Intent.FLAG_GRANT_WRITE_URI_PERMISSION | Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION | Intent.FLAG_GRANT_PREFIX_URI_PERMISSION); mUgmInternal.grantUriPermission(r.uid, targetPkg, grantUri, modeFlags, null, UserHandle.getUserId(r.uid)); final Intent intent = new Intent(); intent.setData(uri); intent.setFlags(modeFlags); final NeededUriGrants needed = mUgmInternal.checkGrantUriPermissionFromIntent(intent, r.uid, targetPkg, UserHandle.getUserId(r.uid)); mUgmInternal.grantUriPermissionUncheckedFromIntent(needed, null); } } Loading services/core/java/com/android/server/uri/UriGrantsManagerInternal.java +19 −12 Original line number Diff line number Diff line Loading @@ -31,28 +31,35 @@ import java.io.PrintWriter; public interface UriGrantsManagerInternal { void onSystemReady(); void removeUriPermissionIfNeeded(UriPermission perm); void grantUriPermission(int callingUid, String targetPkg, GrantUri grantUri, final int modeFlags, UriPermissionOwner owner, int targetUserId); void revokeUriPermission(String targetPackage, int callingUid, GrantUri grantUri, final int modeFlags); boolean checkUriPermission(GrantUri grantUri, int uid, final int modeFlags); int checkGrantUriPermission(int callingUid, String targetPkg, GrantUri grantUri, final int modeFlags, int lastTargetUid); int checkGrantUriPermission( int callingUid, String targetPkg, Uri uri, int modeFlags, int userId); NeededUriGrants checkGrantUriPermissionFromIntent(int callingUid, String targetPkg, Intent intent, int mode, NeededUriGrants needed, int targetUserId); /** * Grant Uri permissions from one app to another. This method only extends * permission grants if {@code callingUid} has permission to them. * Calculate the set of permission grants that would be needed to extend * access for the given {@link Intent} to the given target package. * * @throws SecurityException if the caller doesn't have permission to the * {@link Intent} data, or if the underlying provider doesn't * allow permissions to be granted. */ NeededUriGrants checkGrantUriPermissionFromIntent(Intent intent, int callingUid, String targetPkg, int targetUserId); /** * Extend a previously calculated set of permissions grants to the given * owner. All security checks will have already been performed as part of * calculating {@link NeededUriGrants}. */ void grantUriPermissionFromIntent(int callingUid, String targetPkg, Intent intent, int targetUserId); void grantUriPermissionFromIntent(int callingUid, String targetPkg, Intent intent, UriPermissionOwner owner, int targetUserId); void grantUriPermissionUncheckedFromIntent( NeededUriGrants needed, UriPermissionOwner owner); IBinder newUriPermissionOwner(String name); /** * Remove any {@link UriPermission} granted <em>from</em> or <em>to</em> the * given package. Loading services/core/java/com/android/server/uri/UriGrantsManagerService.java +4 −50 Original line number Diff line number Diff line Loading @@ -635,17 +635,6 @@ public class UriGrantsManagerService extends IUriGrantsManager.Stub { return needed; } void grantUriPermissionFromIntent(int callingUid, String targetPkg, Intent intent, UriPermissionOwner owner, int targetUserId) { NeededUriGrants needed = checkGrantUriPermissionFromIntent(callingUid, targetPkg, intent, intent != null ? intent.getFlags() : 0, null, targetUserId); if (needed == null) { return; } grantUriPermissionUncheckedFromIntent(needed, owner); } void readGrantedUriPermissions() { if (DEBUG) Slog.v(TAG, "readGrantedUriPermissions()"); Loading Loading @@ -1325,15 +1314,6 @@ public class UriGrantsManagerService extends IUriGrantsManager.Stub { } } @Override public void grantUriPermission(int callingUid, String targetPkg, GrantUri grantUri, int modeFlags, UriPermissionOwner owner, int targetUserId) { synchronized (mLock) { UriGrantsManagerService.this.grantUriPermission( callingUid, targetPkg, grantUri, modeFlags, owner, targetUserId); } } @Override public void revokeUriPermission(String targetPackage, int callingUid, GrantUri grantUri, int modeFlags) { Loading @@ -1350,15 +1330,6 @@ public class UriGrantsManagerService extends IUriGrantsManager.Stub { } } @Override public int checkGrantUriPermission(int callingUid, String targetPkg, GrantUri uri, int modeFlags, int userId) { synchronized (mLock) { return UriGrantsManagerService.this.checkGrantUriPermission( callingUid, targetPkg, uri, modeFlags, userId); } } @Override public int checkGrantUriPermission(int callingUid, String targetPkg, Uri uri, int modeFlags, int userId) { Loading @@ -1370,29 +1341,12 @@ public class UriGrantsManagerService extends IUriGrantsManager.Stub { } @Override public NeededUriGrants checkGrantUriPermissionFromIntent(int callingUid, String targetPkg, Intent intent, int mode, NeededUriGrants needed, int targetUserId) { public NeededUriGrants checkGrantUriPermissionFromIntent(Intent intent, int callingUid, String targetPkg, int targetUserId) { synchronized (mLock) { final int mode = (intent != null) ? intent.getFlags() : 0; return UriGrantsManagerService.this.checkGrantUriPermissionFromIntent( callingUid, targetPkg, intent, mode, needed, targetUserId); } } @Override public void grantUriPermissionFromIntent(int callingUid, String targetPkg, Intent intent, int targetUserId) { synchronized (mLock) { UriGrantsManagerService.this.grantUriPermissionFromIntent( callingUid, targetPkg, intent, null, targetUserId); } } @Override public void grantUriPermissionFromIntent(int callingUid, String targetPkg, Intent intent, UriPermissionOwner owner, int targetUserId) { synchronized (mLock) { UriGrantsManagerService.this.grantUriPermissionFromIntent( callingUid, targetPkg, intent, owner, targetUserId); callingUid, targetPkg, intent, mode, null, targetUserId); } } Loading Loading
services/core/java/com/android/server/MmsServiceBroker.java +10 −6 Original line number Diff line number Diff line Loading @@ -45,6 +45,7 @@ import android.telephony.TelephonyManager; import android.util.Slog; import com.android.internal.telephony.IMms; import com.android.server.uri.NeededUriGrants; import com.android.server.uri.UriGrantsManagerInternal; import java.util.List; Loading Loading @@ -512,9 +513,11 @@ public class MmsServiceBroker extends SystemService { long token = Binder.clearCallingIdentity(); try { LocalServices.getService(UriGrantsManagerInternal.class) .grantUriPermissionFromIntent(callingUid, PHONE_PACKAGE_NAME, grantIntent, UserHandle.USER_SYSTEM); final UriGrantsManagerInternal ugm = LocalServices .getService(UriGrantsManagerInternal.class); final NeededUriGrants needed = ugm.checkGrantUriPermissionFromIntent( grantIntent, callingUid, PHONE_PACKAGE_NAME, UserHandle.USER_SYSTEM); ugm.grantUriPermissionUncheckedFromIntent(needed, null); // Grant permission for the carrier app. Intent intent = new Intent(action); Loading @@ -524,9 +527,10 @@ public class MmsServiceBroker extends SystemService { .getCarrierPackageNamesForIntentAndPhone( intent, getPhoneIdFromSubId(subId)); if (carrierPackages != null && carrierPackages.size() == 1) { LocalServices.getService(UriGrantsManagerInternal.class) .grantUriPermissionFromIntent(callingUid, carrierPackages.get(0), grantIntent, UserHandle.USER_SYSTEM); final NeededUriGrants carrierNeeded = ugm.checkGrantUriPermissionFromIntent( grantIntent, callingUid, carrierPackages.get(0), UserHandle.USER_SYSTEM); ugm.grantUriPermissionUncheckedFromIntent(carrierNeeded, null); } } finally { Binder.restoreCallingIdentity(token); Loading
services/core/java/com/android/server/am/ActiveServices.java +1 −1 Original line number Diff line number Diff line Loading @@ -590,7 +590,7 @@ public final class ActiveServices { } NeededUriGrants neededGrants = mAm.mUgmInternal.checkGrantUriPermissionFromIntent( callingUid, r.packageName, service, service.getFlags(), null, r.userId); service, callingUid, r.packageName, r.userId); // If permissions need a review before any of the app components can run, // we do not start the service and launch a review activity if the calling app Loading
services/core/java/com/android/server/am/ActivityManagerService.java +8 −5 Original line number Diff line number Diff line Loading @@ -365,6 +365,7 @@ import com.android.server.job.JobSchedulerInternal; import com.android.server.pm.Installer; import com.android.server.pm.permission.PermissionManagerServiceInternal; import com.android.server.uri.GrantUri; import com.android.server.uri.NeededUriGrants; import com.android.server.uri.UriGrantsManagerInternal; import com.android.server.utils.PriorityDump; import com.android.server.utils.TimingsTraceAndSlog; Loading Loading @@ -6511,17 +6512,19 @@ public class ActivityManagerService extends IActivityManager.Stub if (targetPkg == null) { throw new IllegalArgumentException("null target"); } if (grantUri == null) { throw new IllegalArgumentException("null uri"); } Preconditions.checkFlagsArgument(modeFlags, Intent.FLAG_GRANT_READ_URI_PERMISSION | Intent.FLAG_GRANT_WRITE_URI_PERMISSION | Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION | Intent.FLAG_GRANT_PREFIX_URI_PERMISSION); mUgmInternal.grantUriPermission(r.uid, targetPkg, grantUri, modeFlags, null, UserHandle.getUserId(r.uid)); final Intent intent = new Intent(); intent.setData(uri); intent.setFlags(modeFlags); final NeededUriGrants needed = mUgmInternal.checkGrantUriPermissionFromIntent(intent, r.uid, targetPkg, UserHandle.getUserId(r.uid)); mUgmInternal.grantUriPermissionUncheckedFromIntent(needed, null); } } Loading
services/core/java/com/android/server/uri/UriGrantsManagerInternal.java +19 −12 Original line number Diff line number Diff line Loading @@ -31,28 +31,35 @@ import java.io.PrintWriter; public interface UriGrantsManagerInternal { void onSystemReady(); void removeUriPermissionIfNeeded(UriPermission perm); void grantUriPermission(int callingUid, String targetPkg, GrantUri grantUri, final int modeFlags, UriPermissionOwner owner, int targetUserId); void revokeUriPermission(String targetPackage, int callingUid, GrantUri grantUri, final int modeFlags); boolean checkUriPermission(GrantUri grantUri, int uid, final int modeFlags); int checkGrantUriPermission(int callingUid, String targetPkg, GrantUri grantUri, final int modeFlags, int lastTargetUid); int checkGrantUriPermission( int callingUid, String targetPkg, Uri uri, int modeFlags, int userId); NeededUriGrants checkGrantUriPermissionFromIntent(int callingUid, String targetPkg, Intent intent, int mode, NeededUriGrants needed, int targetUserId); /** * Grant Uri permissions from one app to another. This method only extends * permission grants if {@code callingUid} has permission to them. * Calculate the set of permission grants that would be needed to extend * access for the given {@link Intent} to the given target package. * * @throws SecurityException if the caller doesn't have permission to the * {@link Intent} data, or if the underlying provider doesn't * allow permissions to be granted. */ NeededUriGrants checkGrantUriPermissionFromIntent(Intent intent, int callingUid, String targetPkg, int targetUserId); /** * Extend a previously calculated set of permissions grants to the given * owner. All security checks will have already been performed as part of * calculating {@link NeededUriGrants}. */ void grantUriPermissionFromIntent(int callingUid, String targetPkg, Intent intent, int targetUserId); void grantUriPermissionFromIntent(int callingUid, String targetPkg, Intent intent, UriPermissionOwner owner, int targetUserId); void grantUriPermissionUncheckedFromIntent( NeededUriGrants needed, UriPermissionOwner owner); IBinder newUriPermissionOwner(String name); /** * Remove any {@link UriPermission} granted <em>from</em> or <em>to</em> the * given package. Loading
services/core/java/com/android/server/uri/UriGrantsManagerService.java +4 −50 Original line number Diff line number Diff line Loading @@ -635,17 +635,6 @@ public class UriGrantsManagerService extends IUriGrantsManager.Stub { return needed; } void grantUriPermissionFromIntent(int callingUid, String targetPkg, Intent intent, UriPermissionOwner owner, int targetUserId) { NeededUriGrants needed = checkGrantUriPermissionFromIntent(callingUid, targetPkg, intent, intent != null ? intent.getFlags() : 0, null, targetUserId); if (needed == null) { return; } grantUriPermissionUncheckedFromIntent(needed, owner); } void readGrantedUriPermissions() { if (DEBUG) Slog.v(TAG, "readGrantedUriPermissions()"); Loading Loading @@ -1325,15 +1314,6 @@ public class UriGrantsManagerService extends IUriGrantsManager.Stub { } } @Override public void grantUriPermission(int callingUid, String targetPkg, GrantUri grantUri, int modeFlags, UriPermissionOwner owner, int targetUserId) { synchronized (mLock) { UriGrantsManagerService.this.grantUriPermission( callingUid, targetPkg, grantUri, modeFlags, owner, targetUserId); } } @Override public void revokeUriPermission(String targetPackage, int callingUid, GrantUri grantUri, int modeFlags) { Loading @@ -1350,15 +1330,6 @@ public class UriGrantsManagerService extends IUriGrantsManager.Stub { } } @Override public int checkGrantUriPermission(int callingUid, String targetPkg, GrantUri uri, int modeFlags, int userId) { synchronized (mLock) { return UriGrantsManagerService.this.checkGrantUriPermission( callingUid, targetPkg, uri, modeFlags, userId); } } @Override public int checkGrantUriPermission(int callingUid, String targetPkg, Uri uri, int modeFlags, int userId) { Loading @@ -1370,29 +1341,12 @@ public class UriGrantsManagerService extends IUriGrantsManager.Stub { } @Override public NeededUriGrants checkGrantUriPermissionFromIntent(int callingUid, String targetPkg, Intent intent, int mode, NeededUriGrants needed, int targetUserId) { public NeededUriGrants checkGrantUriPermissionFromIntent(Intent intent, int callingUid, String targetPkg, int targetUserId) { synchronized (mLock) { final int mode = (intent != null) ? intent.getFlags() : 0; return UriGrantsManagerService.this.checkGrantUriPermissionFromIntent( callingUid, targetPkg, intent, mode, needed, targetUserId); } } @Override public void grantUriPermissionFromIntent(int callingUid, String targetPkg, Intent intent, int targetUserId) { synchronized (mLock) { UriGrantsManagerService.this.grantUriPermissionFromIntent( callingUid, targetPkg, intent, null, targetUserId); } } @Override public void grantUriPermissionFromIntent(int callingUid, String targetPkg, Intent intent, UriPermissionOwner owner, int targetUserId) { synchronized (mLock) { UriGrantsManagerService.this.grantUriPermissionFromIntent( callingUid, targetPkg, intent, owner, targetUserId); callingUid, targetPkg, intent, mode, null, targetUserId); } } Loading
