Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8b896f2c authored by Jeff Sharkey's avatar Jeff Sharkey
Browse files

Collect Uri grants for startActivities(). 

It looks like the implementation of startActivities() was resolving
the target ActivityInfo, but it wasn't collecting the needed Uri
permission grants.

This change updates startActivities() to use the same logic used by
ActivityStarter.Request.resolverActivity(), where we collect the
grants immediately after ActivityStackSupervisor.resolveActivity().

Bug: 159412574
Test: atest CtsAppSecurityHostTestCases:android.appsecurity.cts.AppSecurityTests#testPermissionDiffCert
Change-Id: I4e92701b7b9bb23307a4eeca27d33b78537c2805
parent 5cc486b1

services/core/java/com/android/server/wm/ActivityStartController.java

+11 −0
Original line number Diff line number Diff line
@@ -52,6 +52,7 @@ import com.android.internal.annotations.VisibleForTesting; 
import com.android.internal.util.ArrayUtils;

import com.android.server.am.ActivityManagerService;

import com.android.server.am.PendingIntentRecord;

import com.android.server.uri.NeededUriGrants;

import com.android.server.wm.ActivityStackSupervisor.PendingActivityLaunch;

import com.android.server.wm.ActivityStarter.DefaultFactory;

import com.android.server.wm.ActivityStarter.Factory;
@@ -402,6 +403,7 @@ public class ActivityStartController { 
            // potentially acquire activity manager lock that leads to deadlock.

            for (int i = 0; i < intents.length; i++) {

                Intent intent = intents[i];

                NeededUriGrants intentGrants = null;



                // Refuse possible leaked file descriptors.

                if (intent.hasFileDescriptors()) {
@@ -418,6 +420,14 @@ public class ActivityStartController { 
                        0 /* startFlags */, null /* profilerInfo */, userId, filterCallingUid);

                aInfo = mService.mAmInternal.getActivityInfoForUser(aInfo, userId);



                // Carefully collect grants without holding lock

                if (aInfo != null) {

                    intentGrants = mSupervisor.mService.mUgmInternal

                            .checkGrantUriPermissionFromIntent(intent, filterCallingUid,

                                    aInfo.applicationInfo.packageName,

                                    UserHandle.getUserId(aInfo.applicationInfo.uid));

                }



                if (aInfo != null) {

                    if ((aInfo.applicationInfo.privateFlags

                            & ApplicationInfo.PRIVATE_FLAG_CANT_SAVE_STATE) != 0) {
@@ -433,6 +443,7 @@ public class ActivityStartController { 
                        ? options

                        : null;

                starters[i] = obtainStarter(intent, reason)

                        .setIntentGrants(intentGrants)

                        .setCaller(caller)

                        .setResolvedType(resolvedTypes[i])

                        .setActivityInfo(aInfo)

services/core/java/com/android/server/wm/ActivityStarter.java

+5 −0
Original line number Diff line number Diff line
@@ -2632,6 +2632,11 @@ class ActivityStarter { 
        return mRequest.intent;

    }



    ActivityStarter setIntentGrants(NeededUriGrants intentGrants) {

        mRequest.intentGrants = intentGrants;

        return this;

    }



    ActivityStarter setReason(String reason) {

        mRequest.reason = reason;

        return this;