
Commit b0419cc1 authored by Ashish Kumar's avatar Ashish Kumar

Added permission checks for explicit grant while logging for getType calls.

MediaProvider#checkUriPermission does not always check for grants which are explicitly granted.
Fixing it with additional check.

Bug: b/266077645
Test: Manual test and logging
Change-Id: I7f3dd288a57cf334435bf93007a3f6f81b4fce3c
parent 44b20d34
+8 −1
@@ -339,10 +339,17 @@ public abstract class ContentProvider implements ContentInterface, ComponentCall
                        final ProviderInfo cpi = mContext.getPackageManager()
                                .resolveContentProvider(uri.getAuthority(),
                                PackageManager.ComponentInfoFlags.of(PackageManager.GET_META_DATA));
                        final int callingUserId = UserHandle.getUserId(callingUid);
                        final Uri userUri = (mSingleUser
                                && !UserHandle.isSameUser(mMyUid, callingUid))
                                ? maybeAddUserId(uri, callingUserId) : uri;
                        if (cpi.forceUriPermissions
                                && mInterface.checkUriPermission(uri,
                                callingUid, Intent.FLAG_GRANT_READ_URI_PERMISSION)
                                != PermissionChecker.PERMISSION_GRANTED) {
                                != PermissionChecker.PERMISSION_GRANTED
                                && getContext().checkUriPermission(userUri, Binder.getCallingPid(),
                                callingUid, Intent.FLAG_GRANT_READ_URI_PERMISSION)
                                != PackageManager.PERMISSION_GRANTED) {
                            FrameworkStatsLog.write(GET_TYPE_ACCESSED_WITHOUT_PERMISSION,
                                    enumCheckUriPermission,
                                    callingUid, uri.getAuthority(), type);
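Review bot: The two checks in the new condition are evaluated against different URIs: `mInterface.checkUriPermission` still receives `uri`, while the added `getContext().checkUriPermission` receives `userUri`, and nothing in the hunk explains the difference. A short comment above `userUri` would document it, for example `// Grants are looked up per user, so re-attach the caller's user id when a single-user provider is called cross-user.` (wording for the author to confirm). The added call also pairs a fresh `Binder.getCallingPid()` with a `callingUid` that is defined outside the hunk; if that uid was captured at a different point relative to any clearing of the calling identity, pid and uid could describe different callers, so reading both at the same place would be safer. `cpi.forceUriPermissions` is dereferenced without a null check although `resolveContentProvider` can return null; that predates this change, but it sits in the same condition and the enclosing method is not fully visible here.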
+6 −2
@@ -1121,11 +1121,15 @@ public class ContentProviderHelper {
            final String permissionCheck =
                    checkContentProviderPermission(cpi, callingPid, callingUid,
                            userId, checkUser, null);
            if (permissionCheck != null) {
            final boolean grantCheck = mService.checkUriPermission(uri, callingPid, callingUid,
                    Intent.FLAG_GRANT_READ_URI_PERMISSION , userId, null)
                    == PackageManager.PERMISSION_GRANTED;

            if (!grantCheck && permissionCheck != null) {
                FrameworkStatsLog.write(GET_TYPE_ACCESSED_WITHOUT_PERMISSION,
                        GET_TYPE_ACCESSED_WITHOUT_PERMISSION__LOCATION__AM_FRAMEWORK_PERMISSION,
                        callingUid, authority, type);
            } else if (cpi.forceUriPermissions
            } else if (!grantCheck && cpi.forceUriPermissions
                    && holder.provider.checkUriPermission(attributionSource,
                            uri, callingUid, Intent.FLAG_GRANT_READ_URI_PERMISSION)
                            != PermissionChecker.PERMISSION_GRANTED) {
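Review bot: `grantCheck` is computed on every call, before it is known whether either logging branch can fire; when `permissionCheck` is null and `cpi.forceUriPermissions` is false, the `mService.checkUriPermission` lookup is unused work. Guarding it keeps the behaviour and skips the lookup: `final boolean grantCheck = (permissionCheck != null || cpi.forceUriPermissions) && mService.checkUriPermission(uri, callingPid, callingUid, Intent.FLAG_GRANT_READ_URI_PERMISSION, userId, null) == PackageManager.PERMISSION_GRANTED;`. Because a URI grant now silences both `GET_TYPE_ACCESSED_WITHOUT_PERMISSION` branches, a one-line comment such as `// An explicit read grant on this URI counts as permission; do not log.` would tell readers of the metric what it no longer counts. There is also a stray space before the comma in `Intent.FLAG_GRANT_READ_URI_PERMISSION ,`. The enclosing method starts and ends outside the hunk, so whether `uri` and `userId` refer to the same user at this point could not be checked.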