Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e73bb60f authored by Andrey Yepin's avatar Andrey Yepin
Browse files

Verify that the caller has permissions for the icons it provided. 

Bug: 277207798
Test: manual testing: first reroduce the issue as described in the
 ticket then check that it is not reproduceable after the fix.
Merged-In: I08992550507572a4878c501184360a58adef53ad
Change-Id: Ic8cb75ed586e94c5895065f772bfb21013396dd0
parent ec5b02f0

core/java/com/android/internal/app/ChooserActivity.java

+49 −1
Original line number Diff line number Diff line
@@ -16,6 +16,7 @@ 


package com.android.internal.app;



import static android.content.ContentProvider.getUriWithoutUserId;

import static android.content.ContentProvider.getUserIdFromUri;



import static com.android.internal.util.LatencyTracker.ACTION_LOAD_SHARE_SHEET;
@@ -32,7 +33,9 @@ import android.annotation.NonNull; 
import android.annotation.Nullable;

import android.app.Activity;

import android.app.ActivityManager;

import android.app.IUriGrantsManager;

import android.app.SharedElementCallback;

import android.app.UriGrantsManager;

import android.app.prediction.AppPredictionContext;

import android.app.prediction.AppPredictionManager;

import android.app.prediction.AppPredictor;
@@ -68,6 +71,7 @@ import android.graphics.Paint; 
import android.graphics.Path;

import android.graphics.drawable.AnimatedVectorDrawable;

import android.graphics.drawable.Drawable;

import android.graphics.drawable.Icon;

import android.metrics.LogMaker;

import android.net.Uri;

import android.os.AsyncTask;
@@ -77,6 +81,7 @@ import android.os.Handler; 
import android.os.Message;

import android.os.Parcelable;

import android.os.PatternMatcher;

import android.os.RemoteException;

import android.os.ResultReceiver;

import android.os.UserHandle;

import android.os.UserManager;
@@ -663,7 +668,11 @@ public class ChooserActivity extends ResolverActivity implements 
                    targets = null;

                    break;

                }

                targets[i] = (ChooserTarget) pa[i];

                ChooserTarget chooserTarget = (ChooserTarget) pa[i];

                if (!hasValidIcon(chooserTarget)) {

                    chooserTarget = removeIcon(chooserTarget);

                }

                targets[i] = chooserTarget;

            }

            mCallerChooserTargets = targets;

        }
@@ -4038,4 +4047,43 @@ public class ChooserActivity extends ResolverActivity implements 
    private boolean shouldNearbyShareBeIncludedAsActionButton() {

        return !shouldNearbyShareBeFirstInRankedRow();

    }



    private boolean hasValidIcon(ChooserTarget target) {

        Icon icon = target.getIcon();

        if (icon == null) {

            return true;

        }

        if (icon.getType() == Icon.TYPE_URI || icon.getType() == Icon.TYPE_URI_ADAPTIVE_BITMAP) {

            Uri uri = icon.getUri();

            try {

                getUriGrantsManager().checkGrantUriPermission_ignoreNonSystem(

                        getLaunchedFromUid(),

                        getPackageName(),

                        getUriWithoutUserId(uri),

                        Intent.FLAG_GRANT_READ_URI_PERMISSION,

                        getUserIdFromUri(uri)

                );

            } catch (SecurityException | RemoteException e) {

                Log.e(TAG, "Failed to get URI permission for: " + uri, e);

                return false;

            }

        }

        return true;

    }



    private IUriGrantsManager getUriGrantsManager() {

        return UriGrantsManager.getService();

    }



    private static ChooserTarget removeIcon(ChooserTarget target) {

        if (target == null) {

            return null;

        }

        return new ChooserTarget(

                target.getTitle(),

                null,

                target.getScore(),

                target.getComponentName(),

                target.getIntentExtras());

    }

}