Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d0ba7467 authored by Austin Borger's avatar Austin Borger
Browse files

ActivityManagerService: Allow openContentUri from vendor/system/product. 

Apps should not have direct access to this entry point. Check that the
caller is a vendor, system, or product package.

Test: Ran PoC app and CtsMediaPlayerTestCases.
Bug: 236688380
Change-Id: I0335496d28fa5fc3bfe1fecd4be90040b0b3687f
parent 7206bf09

services/core/java/com/android/server/am/ActivityManagerService.java

+11 −1
Original line number Diff line number Diff line
@@ -6915,7 +6915,7 @@ public class ActivityManagerService extends IActivityManager.Stub 
        mActivityTaskManager.unhandledBack();

    }













    // TODO: Move to ContentProviderHelper?













    // TODO: Replace this method with one that returns a bound IContentProvider.















    public ParcelFileDescriptor openContentUri(String uriString) throws RemoteException {















        enforceNotIsolatedCaller("openContentUri");















        final int userId = UserHandle.getCallingUserId();










@@ -6944,6 +6944,16 @@ public class ActivityManagerService extends IActivityManager.Stub













                    Log.e(TAG, "Cannot find package for uid: " + uid);















                    return null;















                }

























                final ApplicationInfo appInfo = mPackageManagerInt.getApplicationInfo(













                        androidPackage.getPackageName(), /*flags*/0, Process.SYSTEM_UID,













                        UserHandle.USER_SYSTEM);













                if (!appInfo.isVendor() && !appInfo.isSystemApp() && !appInfo.isSystemExt()













                        && !appInfo.isProduct()) {













                    Log.e(TAG, "openContentUri may only be used by vendor/system/product.");













                    return null;













                }



























                final AttributionSource attributionSource = new AttributionSource(















                        Binder.getCallingUid(), androidPackage.getPackageName(), null);















                pfd = cph.provider.openFile(attributionSource, uri, "r", null);