Fix the issue provider can be wrong when requesting slice permission am: e3eba1322b (df8bc34b) · Commits · e / os / android_frameworks_base

core/java/android/app/slice/SliceProvider.java

+0 −5

Original line number	Diff line number	Diff line
		@@ -152,10 +152,6 @@ public abstract class SliceProvider extends ContentProvider {
		* @hide
		*/
		public static final String EXTRA_PKG = "pkg";
		/**
		* @hide
		*/
		public static final String EXTRA_PROVIDER_PKG = "provider_pkg";
		/**
		* @hide
		*/
		@@ -519,7 +515,6 @@ public abstract class SliceProvider extends ContentProvider {
		com.android.internal.R.string.config_slicePermissionComponent)));
		intent.putExtra(EXTRA_BIND_URI, sliceUri);
		intent.putExtra(EXTRA_PKG, callingPackage);
		intent.putExtra(EXTRA_PROVIDER_PKG, context.getPackageName());
		// Unique pending intent.
		intent.setData(sliceUri.buildUpon().appendQueryParameter("package", callingPackage)
		.build());

packages/SystemUI/src/com/android/systemui/SlicePermissionActivity.java

+35 −1

Original line number	Diff line number	Diff line
		@@ -16,6 +16,7 @@ package com.android.systemui;

		import static android.view.WindowManager.LayoutParams.SYSTEM_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS;

		import android.annotation.Nullable;
		import android.app.Activity;
		import android.app.AlertDialog;
		import android.app.slice.SliceManager;
		@@ -29,6 +30,7 @@ import android.content.pm.PackageManager.NameNotFoundException;
		import android.net.Uri;
		import android.os.Bundle;
		import android.text.BidiFormatter;
		import android.util.EventLog;
		import android.util.Log;
		import android.widget.CheckBox;
		import android.widget.TextView;
		@@ -50,10 +52,17 @@ public class SlicePermissionActivity extends Activity implements OnClickListener

		mUri = getIntent().getParcelableExtra(SliceProvider.EXTRA_BIND_URI);
		mCallingPkg = getIntent().getStringExtra(SliceProvider.EXTRA_PKG);
		mProviderPkg = getIntent().getStringExtra(SliceProvider.EXTRA_PROVIDER_PKG);
		if (mUri == null) {
		Log.e(TAG, SliceProvider.EXTRA_BIND_URI + " wasn't provided");
		finish();
		return;
		}

		try {
		PackageManager pm = getPackageManager();
		mProviderPkg = pm.resolveContentProvider(mUri.getAuthority(),
		PackageManager.GET_META_DATA).applicationInfo.packageName;
		verifyCallingPkg();
		CharSequence app1 = BidiFormatter.getInstance().unicodeWrap(pm.getApplicationInfo(
		mCallingPkg, 0).loadSafeLabel(pm, PackageItemInfo.DEFAULT_MAX_LABEL_SIZE_PX,
		PackageItemInfo.SAFE_LABEL_FLAG_TRIM
		@@ -97,4 +106,29 @@ public class SlicePermissionActivity extends Activity implements OnClickListener
		public void onDismiss(DialogInterface dialog) {
		finish();
		}

		private void verifyCallingPkg() {
		final String providerPkg = getIntent().getStringExtra("provider_pkg");
		if (providerPkg == null \|\| mProviderPkg.equals(providerPkg)) return;
		final String callingPkg = getCallingPkg();
		EventLog.writeEvent(0x534e4554, "159145361", getUid(callingPkg), String.format(
		"pkg %s (disguised as %s) attempted to request permission to show %s slices in %s",
		callingPkg, providerPkg, mProviderPkg, mCallingPkg));
		}

		@Nullable
		private String getCallingPkg() {
		final Uri referrer = getReferrer();
		if (referrer == null) return null;
		return referrer.getHost();
		}

		private int getUid(@Nullable final String pkg) {
		if (pkg == null) return -1;
		try {
		return getPackageManager().getApplicationInfo(pkg, 0).uid;
		} catch (NameNotFoundException e) {
		}
		return -1;
		}
		}