Commit ab8e82d8 authored by Jeff Sharkey's avatar Jeff Sharkey Committed by android-build-team Robot

DO NOT MERGE. Persistable Uri grants still require permissions.

When FLAG_GRANT_PERSISTABLE_URI_PERMISSION is requested, we still
need to check permissions between the source and target packages,
instead of shortcutting past them.

The spirit of the original change is remains intact: if the caller
requested FLAG_GRANT_PERSISTABLE_URI_PERMISSION, then we avoid
returning "-1", which would prevent the grant data structure from
being allocated.

Bug: 111934948
Test: atest android.appsecurity.cts.AppSecurityTests
Change-Id: Ief0fc922aa09fc3d9bb6a126c2ff5855347cd030
Merged-In: Ief0fc922aa09fc3d9bb6a126c2ff5855347cd030
(cherry picked from commit 05519b7e)
parent 89be24c6
......@@ -8841,10 +8841,17 @@ public class ActivityManagerService extends IActivityManager.Stub
}
}
// If we're extending a persistable grant, then we always need to create
// the grant data structure so that take/release APIs work
// Figure out the value returned when access is allowed
final int allowedResult;
if ((modeFlags & Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION) != 0) {
return targetUid;
// If we're extending a persistable grant, then we need to return
// "targetUid" so that we always create a grant data structure to
// support take/release APIs
allowedResult = targetUid;
} else {
// Otherwise, we can return "-1" to indicate that no grant data
// structures need to be created
allowedResult = -1;
}
if (targetUid >= 0) {
......@@ -8853,7 +8860,7 @@ public class ActivityManagerService extends IActivityManager.Stub
// No need to grant the target this permission.
if (DEBUG_URI_PERMISSION) Slog.v(TAG_URI_PERMISSION,
"Target " + targetPkg + " already has full permission to " + grantUri);
return -1;
return allowedResult;
}
} else {
// First... there is no target package, so can anyone access it?
......@@ -8869,7 +8876,7 @@ public class ActivityManagerService extends IActivityManager.Stub
}
}
if (allowed) {
return -1;
return allowedResult;
}
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment