Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f078924b authored by Miguel Aranda's avatar Miguel Aranda Committed by Android (Google) Code Review
Browse files

Revert "Verify URI permissions in MediaMetadata" 

Revert submission 23183176-cherrypick-cherrypick-b/271851153-2wv66sqpfek-l2zpfrom2l

Reason for revert: b/284455264

Reverted changes: /q/submissionid:23183176-cherrypick-cherrypick-b/271851153-2wv66sqpfek-l2zpfrom2l

Change-Id: Ib13e971fe87d03e79ed4a5011d78faba7b171fcc
parent 01f65561

services/core/java/com/android/server/media/MediaSessionRecord.java

+9 −44
Original line number Diff line number Diff line
@@ -19,8 +19,6 @@ package com.android.server.media; 
import android.annotation.Nullable;

import android.app.PendingIntent;

import android.content.ComponentName;

import android.content.ContentProvider;

import android.content.ContentResolver;

import android.content.Context;

import android.content.Intent;

import android.content.pm.ParceledListSlice;
@@ -59,9 +57,6 @@ import android.util.EventLog; 
import android.util.Log;

import android.view.KeyEvent;



import com.android.server.LocalServices;

import com.android.server.uri.UriGrantsManagerInternal;



import java.io.PrintWriter;

import java.util.ArrayList;

import java.util.Arrays;
@@ -77,10 +72,6 @@ import java.util.concurrent.CopyOnWriteArrayList; 
// TODO(jaewan): Do not call service method directly -- introduce listener instead.

public class MediaSessionRecord implements IBinder.DeathRecipient, MediaSessionRecordImpl {

    private static final String TAG = "MediaSessionRecord";

    private static final String[] ART_URIS = new String[] {

            MediaMetadata.METADATA_KEY_ALBUM_ART_URI,

            MediaMetadata.METADATA_KEY_ART_URI,

            MediaMetadata.METADATA_KEY_DISPLAY_ICON_URI};

    private static final boolean DEBUG = Log.isLoggable(TAG, Log.DEBUG);



    /**
@@ -134,7 +125,6 @@ public class MediaSessionRecord implements IBinder.DeathRecipient, MediaSessionR 
    private final SessionStub mSession;

    private final SessionCb mSessionCb;

    private final MediaSessionService mService;

    private final UriGrantsManagerInternal mUgmInternal;

    private final Context mContext;

    private final boolean mVolumeAdjustmentForRemoteGroupSessions;
@@ -196,7 +186,6 @@ public class MediaSessionRecord implements IBinder.DeathRecipient, MediaSessionR 
        mAudioManager = (AudioManager) mContext.getSystemService(Context.AUDIO_SERVICE);

        mAudioAttrs = DEFAULT_ATTRIBUTES;

        mPolicies = policies;

        mUgmInternal = LocalServices.getService(UriGrantsManagerInternal.class);

        mVolumeAdjustmentForRemoteGroupSessions = mContext.getResources().getBoolean(

                com.android.internal.R.bool.config_volumeAdjustmentForRemoteGroupSessions);
@@ -996,45 +985,21 @@ public class MediaSessionRecord implements IBinder.DeathRecipient, MediaSessionR 
        public void setMetadata(MediaMetadata metadata, long duration, String metadataDescription)

                throws RemoteException {

            synchronized (mLock) {

                MediaMetadata temp = metadata == null ? null : new MediaMetadata.Builder(metadata)

                        .build();

                // This is to guarantee that the underlying bundle is unparceled

                // before we set it to prevent concurrent reads from throwing an

                // exception

                if (temp != null) {

                    temp.size();

                }

                mMetadata = temp;

                mDuration = duration;

                mMetadataDescription = metadataDescription;

                mMetadata = sanitizeMediaMetadata(metadata);

            }

            mHandler.post(MessageHandler.MSG_UPDATE_METADATA);

        }



        private MediaMetadata sanitizeMediaMetadata(MediaMetadata metadata) {

            if (metadata == null) {

                return null;

            }

            MediaMetadata.Builder metadataBuilder = new MediaMetadata.Builder(metadata);

            for (String key: ART_URIS) {

                String uriString = metadata.getString(key);

                if (TextUtils.isEmpty(uriString)) {

                    continue;

                }

                Uri uri = Uri.parse(uriString);

                if (!ContentResolver.SCHEME_CONTENT.equals(uri.getScheme())) {

                    continue;

                }

                try {

                    mUgmInternal.checkGrantUriPermission(getUid(),

                            getPackageName(),

                            ContentProvider.getUriWithoutUserId(uri),

                            Intent.FLAG_GRANT_READ_URI_PERMISSION,

                            ContentProvider.getUserIdFromUri(uri, getUserId()));

                } catch (SecurityException e) {

                    metadataBuilder.putString(key, null);

                }

            }

            MediaMetadata sanitizedMetadata = metadataBuilder.build();

            // sanitizedMetadata.size() guarantees that the underlying bundle is unparceled

            // before we set it to prevent concurrent reads from throwing an

            // exception

            sanitizedMetadata.size();

            return sanitizedMetadata;

        }



        @Override

        public void setPlaybackState(PlaybackState state) throws RemoteException {

            int oldState = mPlaybackState == null