ActivityManagerService: Allow openContentUri from vendor/system/product.

Apps should not have direct access to this entry point. Check that the caller is a vendor, system, or product package. Test: Ran PoC app and CtsMediaPlayerTestCases. Bug: 236688380 (cherry picked from commit d0ba7467c2cb2815f94f6651cbb1c2f405e8e9c7) (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:e37820e47c383aecf9d1173a0676c27e6a59ce4f) Merged-In: I0335496d28fa5fc3bfe1fecd4be90040b0b3687f Change-Id: I0335496d28fa5fc3bfe1fecd4be90040b0b3687f
author: Austin Borger <borgera@google.com> 2023-03-18 12:56:12 -0700
committer: Android Build Coastguard Worker <android-build-coastguard-worker@google.com> 2023-06-14 00:36:07 +0000
commit: 19a0fdb34c49e6d0d702447ba44d2a38371d257d (patch)
tree: 2ca9a8d9e7a5248ca9c549e8e73b148728d5785c
parent: 883c0151c0a881f43dcd3f45894ec420cf753d46 (diff)
download: base-19a0fdb34c49e6d0d702447ba44d2a38371d257d.tar.gz
1 files changed, 11 insertions, 1 deletions
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index f0dac2607a4e..ba0aaa1b7d8c 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -6792,7 +6792,7 @@ public class ActivityManagerService extends IActivityManager.Stub
         mActivityTaskManager.unhandledBack();
     }
 
-    // TODO: Move to ContentProviderHelper?
+    // TODO: Replace this method with one that returns a bound IContentProvider.
     public ParcelFileDescriptor openContentUri(String uriString) throws RemoteException {
         enforceNotIsolatedCaller("openContentUri");
         final int userId = UserHandle.getCallingUserId();
@@ -6821,6 +6821,16 @@ public class ActivityManagerService extends IActivityManager.Stub
                     Log.e(TAG, "Cannot find package for uid: " + uid);
                     return null;
                 }
+
+                final ApplicationInfo appInfo = mPackageManagerInt.getApplicationInfo(
+                        androidPackage.getPackageName(), /*flags*/0, Process.SYSTEM_UID,
+                        UserHandle.USER_SYSTEM);
+                if (!appInfo.isVendor() && !appInfo.isSystemApp() && !appInfo.isSystemExt()
+                        && !appInfo.isProduct()) {
+                    Log.e(TAG, "openContentUri may only be used by vendor/system/product.");
+                    return null;
+                }
+
                 final AttributionSource attributionSource = new AttributionSource(
                         Binder.getCallingUid(), androidPackage.getPackageName(), null);
                 pfd = cph.provider.openFile(attributionSource, uri, "r", null);
author	Austin Borger <borgera@google.com>	2023-03-18 12:56:12 -0700
committer	Android Build Coastguard Worker <android-build-coastguard-worker@google.com>	2023-06-14 00:36:07 +0000
commit	19a0fdb34c49e6d0d702447ba44d2a38371d257d (patch)
tree	2ca9a8d9e7a5248ca9c549e8e73b148728d5785c
parent	883c0151c0a881f43dcd3f45894ec420cf753d46 (diff)
download	base-19a0fdb34c49e6d0d702447ba44d2a38371d257d.tar.gz