Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9f9a68e9 authored by Sumedh Sen's avatar Sumedh Sen
Browse files

[RESTRICT AUTOMERGE] Parse authority to separate userId and non-user parts of it 

Callers may pass an authority of type `10@com.example` to this API. We
must make sure to only find providers with authority `com.example` installed
in user 10.

Bug: 350456241

Test: sts-tradefed run sts-dynamic-develop -m CtsSecurityTestCases -t android.security.cts.ContentProviderMultiUserTests#testAccessFromInitialUser --user-type PRIMARY

Test: sts-tradefed run sts-dynamic-develop -m CtsSecurityTestCases -t android.security.cts.ContentProviderMultiUserTests --user-type SECONDARY

Flag: EXEMPT. Bug fix only
Change-Id: I737a435795698bdc612dc3bf88c31e5c8f9c17a6
Merged-In: I737a435795698bdc612dc3bf88c31e5c8f9c17a6
parent 09e13055

services/core/java/com/android/server/pm/ComputerEngine.java

+10 −3
Original line number Diff line number Diff line
@@ -66,6 +66,7 @@ import android.annotation.Nullable; 
import android.annotation.UserIdInt;

import android.app.ActivityManager;

import android.content.ComponentName;

import android.content.ContentProvider;

import android.content.Context;

import android.content.Intent;

import android.content.IntentFilter;
@@ -4760,8 +4761,14 @@ public class ComputerEngine implements Computer { 
            int callingUid) {

        if (!mUserManager.exists(userId)) return null;

        flags = updateFlagsForComponent(flags, userId);

        final ProviderInfo providerInfo = mComponentResolver.queryProvider(this, name, flags,

                userId);



        // Callers of this API may not always separate the userID and authority. Let's parse it

        // before resolving

        String authorityWithoutUserId = ContentProvider.getAuthorityWithoutUserId(name);

        userId = ContentProvider.getUserIdFromAuthority(name, userId);



        final ProviderInfo providerInfo = mComponentResolver.queryProvider(this,

                authorityWithoutUserId, flags, userId);

        boolean checkedGrants = false;

        if (providerInfo != null) {

            // Looking for cross-user grants before enforcing the typical cross-users permissions
@@ -4775,7 +4782,7 @@ public class ComputerEngine implements Computer { 
        if (!checkedGrants) {

            boolean enforceCrossUser = true;



            if (isAuthorityRedirectedForCloneProfile(name)) {

            if (isAuthorityRedirectedForCloneProfile(authorityWithoutUserId)) {

                final UserManagerInternal umInternal = mInjector.getUserManagerInternal();



                UserInfo userInfo = umInternal.getUserInfo(UserHandle.getUserId(callingUid));