Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8a2998ea authored by Jeff Sharkey's avatar Jeff Sharkey
Browse files

Better enforcement in DocumentsProvider.call(). 

Use ContentProvider.enforceWritePermissionInner() to handle all edge
cases around checking if caller has write permissions.  This fixes
bug where call() would throw if caller and provider were the same app.

Bug: 11464234
Change-Id: Iace8e0e4243d56ed1cdcc9680383103975107036
parent eaa9780f

core/java/android/content/ContentProvider.java

+107 −105
Original line number Diff line number Diff line
@@ -398,7 +398,17 @@ public abstract class ContentProvider implements ComponentCallbacks2 { 
            return AppOpsManager.MODE_ALLOWED;

        }



        private void enforceReadPermissionInner(Uri uri) throws SecurityException {

        private int enforceWritePermission(String callingPkg, Uri uri) throws SecurityException {

            enforceWritePermissionInner(uri);

            if (mWriteOp != AppOpsManager.OP_NONE) {

                return mAppOpsManager.noteOp(mWriteOp, Binder.getCallingUid(), callingPkg);

            }

            return AppOpsManager.MODE_ALLOWED;

        }

    }



    /** {@hide} */

    protected void enforceReadPermissionInner(Uri uri) throws SecurityException {

        final Context context = getContext();

        final int pid = Binder.getCallingPid();

        final int uid = Binder.getCallingUid();
@@ -459,15 +469,8 @@ public abstract class ContentProvider implements ComponentCallbacks2 { 
                + ", uid=" + uid + failReason);

    }



        private int enforceWritePermission(String callingPkg, Uri uri) throws SecurityException {

            enforceWritePermissionInner(uri);

            if (mWriteOp != AppOpsManager.OP_NONE) {

                return mAppOpsManager.noteOp(mWriteOp, Binder.getCallingUid(), callingPkg);

            }

            return AppOpsManager.MODE_ALLOWED;

        }



        private void enforceWritePermissionInner(Uri uri) throws SecurityException {

    /** {@hide} */

    protected void enforceWritePermissionInner(Uri uri) throws SecurityException {

        final Context context = getContext();

        final int pid = Binder.getCallingPid();

        final int uid = Binder.getCallingUid();
@@ -527,7 +530,6 @@ public abstract class ContentProvider implements ComponentCallbacks2 { 
                + ContentProvider.this.getClass().getName() + " uri " + uri + " from pid=" + pid

                + ", uid=" + uid + failReason);

    }

    }



    /**

     * Retrieves the Context this provider is running in.  Only available once

core/java/android/provider/DocumentsProvider.java

+1 −4
Original line number Diff line number Diff line
@@ -512,10 +512,7 @@ public abstract class DocumentsProvider extends ContentProvider { 
        final boolean callerHasManage =

                context.checkCallingOrSelfPermission(android.Manifest.permission.MANAGE_DOCUMENTS)

                == PackageManager.PERMISSION_GRANTED;

        if (!callerHasManage) {

            getContext().enforceCallingOrSelfUriPermission(

                    documentUri, Intent.FLAG_GRANT_WRITE_URI_PERMISSION, method);

        }

        enforceWritePermissionInner(documentUri);



        final Bundle out = new Bundle();

        try {