Grant visibility even when not granting URI perm (9406f1de) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/uri/UriGrantsManagerService.java

+9 −0

Original line number	Diff line number	Diff line
		@@ -51,6 +51,7 @@ import android.app.AppGlobals;
		import android.app.GrantedUriPermission;
		import android.app.IUriGrantsManager;
		import android.content.ClipData;
		import android.content.ComponentName;
		import android.content.ContentProvider;
		import android.content.ContentResolver;
		import android.content.Context;
		@@ -698,6 +699,11 @@ public class UriGrantsManagerService extends IUriGrantsManager.Stub {
		final UriPermission perm = findOrCreateUriPermissionLocked(
		sourcePkg, targetPkg, targetUid, grantUri);
		perm.initPersistedModes(modeFlags, createdTime);
		mPmInternal.grantImplicitAccess(
		targetUserId, null,
		UserHandle.getAppId(targetUid),
		pi.applicationInfo.uid,
		false /* direct */);
		}
		} else {
		Slog.w(TAG, "Persisted grant for " + uri + " had source " + sourcePkg
		@@ -1171,6 +1177,9 @@ public class UriGrantsManagerService extends IUriGrantsManager.Stub {
		// grant, we can skip generating any bookkeeping; when any advanced
		// features have been requested, we proceed below to make sure the
		// provider supports granting permissions
		mPmInternal.grantImplicitAccess(
		UserHandle.getUserId(targetUid), null,
		UserHandle.getAppId(targetUid), pi.applicationInfo.uid, false);
		return -1;
		}

services/tests/servicestests/src/com/android/server/uri/UriGrantsManagerServiceTest.java

+19 −0

Original line number	Diff line number	Diff line
		@@ -43,11 +43,19 @@ import static org.junit.Assert.assertFalse;
		import static org.junit.Assert.assertNull;
		import static org.junit.Assert.assertTrue;
		import static org.junit.Assert.fail;
		import static org.mockito.ArgumentMatchers.any;
		import static org.mockito.ArgumentMatchers.anyBoolean;
		import static org.mockito.ArgumentMatchers.anyInt;
		import static org.mockito.ArgumentMatchers.eq;
		import static org.mockito.ArgumentMatchers.isNull;
		import static org.mockito.Mockito.never;
		import static org.mockito.Mockito.verify;

		import android.content.ClipData;
		import android.content.Intent;
		import android.content.pm.ProviderInfo;
		import android.net.Uri;
		import android.os.UserHandle;
		import android.util.ArraySet;

		import androidx.test.InstrumentationRegistry;
		@@ -62,6 +70,12 @@ public class UriGrantsManagerServiceTest {
		private UriGrantsMockContext mContext;
		private UriGrantsManagerInternal mService;

		// we expect the following only during grant if a grant is expected
		private void verifyNoVisibilityGrant() {
		verify(mContext.mPmInternal, never())
		.grantImplicitAccess(anyInt(), any(), anyInt(), anyInt(), anyBoolean());
		}

		@Before
		public void setUp() throws Exception {
		mContext = new UriGrantsMockContext(InstrumentationRegistry.getContext());
		@@ -83,6 +97,7 @@ public class UriGrantsManagerServiceTest {
		assertEquals(UID_PRIMARY_SOCIAL, needed.targetUid);
		assertEquals(FLAG_READ, needed.flags);
		assertEquals(asSet(expectedGrant), needed.uris);
		verifyNoVisibilityGrant();
		}

		/**
		@@ -100,6 +115,7 @@ public class UriGrantsManagerServiceTest {
		assertEquals(UID_SECONDARY_SOCIAL, needed.targetUid);
		assertEquals(FLAG_READ, needed.flags);
		assertEquals(asSet(expectedGrant), needed.uris);
		verifyNoVisibilityGrant();
		}

		/**
		@@ -111,6 +127,8 @@ public class UriGrantsManagerServiceTest {
		final NeededUriGrants needed = mService.checkGrantUriPermissionFromIntent(
		intent, UID_PRIMARY_PUBLIC, PKG_SOCIAL, USER_PRIMARY);
		assertNull(needed);
		verify(mContext.mPmInternal).grantImplicitAccess(eq(USER_PRIMARY), isNull(), eq(
		UserHandle.getAppId(UID_PRIMARY_SOCIAL)), eq(UID_PRIMARY_PUBLIC), eq(false));
		}

		/**
		@@ -128,6 +146,7 @@ public class UriGrantsManagerServiceTest {
		assertEquals(UID_SECONDARY_SOCIAL, needed.targetUid);
		assertEquals(FLAG_READ, needed.flags);
		assertEquals(asSet(expectedGrant), needed.uris);
		verifyNoVisibilityGrant();
		}

		/**