DO NOT MERGE. Grant MMS Uri permissions as the calling UID. am: 3f3da42ef9

am: 32c71b078c Change-Id: I1af83dbf9869bd93ecc5c07e1ce6155206f73290
author: Jeff Sharkey <jsharkey@android.com> 2017-02-12 09:51:37 +0000
committer: android-build-merger <android-build-merger@google.com> 2017-02-12 09:51:37 +0000
commit: 75f767afa16a98fbebc1ea2dd34def1a864b2d8a (patch)
tree: 0dd7be4d58361dd8c7c9cbcbcaabf0b3ac3dc578
parent: b4c5c522e3c790a743ba6a8e2056359c08f60026 (diff)
parent: 32c71b078c01d7469ad45248ff086d08788cb28a (diff)
download: base-75f767afa16a98fbebc1ea2dd34def1a864b2d8a.tar.gz
3 files changed, 30 insertions, 2 deletions
diff --git a/core/java/android/app/ActivityManagerInternal.java b/core/java/android/app/ActivityManagerInternal.java
index 579b307efac6..1fbc12771717 100644
--- a/core/java/android/app/ActivityManagerInternal.java
+++ b/core/java/android/app/ActivityManagerInternal.java
@@ -18,6 +18,7 @@ package android.app;
 
 import android.annotation.NonNull;
 import android.content.ComponentName;
+import android.content.Intent;
 
 /**
  * Activity manager local system service interface.
@@ -26,6 +27,13 @@ import android.content.ComponentName;
  */
 public abstract class ActivityManagerInternal {
     /**
+     * Grant Uri permissions from one app to another. This method only extends
+     * permission grants if {@code callingUid} has permission to them.
+     */
+    public abstract void grantUriPermissionFromIntent(int callingUid, String targetPkg,
+            Intent intent, int targetUserId);
+
+    /**
      * Verify that calling app has access to the given provider.
      */
     public abstract String checkContentProviderAccess(String authority, int userId);
diff --git a/services/core/java/com/android/server/MmsServiceBroker.java b/services/core/java/com/android/server/MmsServiceBroker.java
index e0352e091af7..ba25f46f77ee 100644
--- a/services/core/java/com/android/server/MmsServiceBroker.java
+++ b/services/core/java/com/android/server/MmsServiceBroker.java
@@ -17,6 +17,7 @@
 package com.android.server;
 
 import android.Manifest;
+import android.app.ActivityManagerInternal;
 import android.app.AppOpsManager;
 import android.app.PendingIntent;
 import android.content.ComponentName;
@@ -499,13 +500,21 @@ public class MmsServiceBroker extends SystemService {
          */
         private Uri adjustUriForUserAndGrantPermission(Uri contentUri, String action,
                 int permission) {
+            final Intent grantIntent = new Intent();
+            grantIntent.setData(contentUri);
+            grantIntent.setFlags(permission);
+
+            final int callingUid = Binder.getCallingUid();
             final int callingUserId = UserHandle.getCallingUserId();
             if (callingUserId != UserHandle.USER_OWNER) {
                 contentUri = ContentProvider.maybeAddUserId(contentUri, callingUserId);
             }
+
             long token = Binder.clearCallingIdentity();
             try {
-                mContext.grantUriPermission(PHONE_PACKAGE_NAME, contentUri, permission);
+                LocalServices.getService(ActivityManagerInternal.class)
+                        .grantUriPermissionFromIntent(callingUid, PHONE_PACKAGE_NAME,
+                                grantIntent, UserHandle.USER_OWNER);
 
                 // Grant permission for the carrier app.
                 Intent intent = new Intent(action);
@@ -514,7 +523,9 @@ public class MmsServiceBroker extends SystemService {
                 List<String> carrierPackages = telephonyManager.getCarrierPackageNamesForIntent(
                         intent);
                 if (carrierPackages != null && carrierPackages.size() == 1) {
-                    mContext.grantUriPermission(carrierPackages.get(0), contentUri, permission);
+                    LocalServices.getService(ActivityManagerInternal.class)
+                            .grantUriPermissionFromIntent(callingUid, carrierPackages.get(0),
+                                    grantIntent, UserHandle.USER_OWNER);
                 }
             } finally {
                 Binder.restoreCallingIdentity(token);
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index 26fb46ab5ed6..ce0670e0f4ba 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -20673,6 +20673,15 @@ public final class ActivityManagerService extends ActivityManagerNative
 
     private final class LocalService extends ActivityManagerInternal {
         @Override
+        public void grantUriPermissionFromIntent(int callingUid, String targetPkg, Intent intent,
+                int targetUserId) {
+            synchronized (ActivityManagerService.this) {
+                ActivityManagerService.this.grantUriPermissionFromIntentLocked(callingUid,
+                        targetPkg, intent, null, targetUserId);
+            }
+        }
+
+        @Override
         public String checkContentProviderAccess(String authority, int userId) {
             return ActivityManagerService.this.checkContentProviderAccess(authority, userId);
         }
author	Jeff Sharkey <jsharkey@android.com>	2017-02-12 09:51:37 +0000
committer	android-build-merger <android-build-merger@google.com>	2017-02-12 09:51:37 +0000
commit	75f767afa16a98fbebc1ea2dd34def1a864b2d8a (patch)
tree	0dd7be4d58361dd8c7c9cbcbcaabf0b3ac3dc578
parent	b4c5c522e3c790a743ba6a8e2056359c08f60026 (diff)
parent	32c71b078c01d7469ad45248ff086d08788cb28a (diff)
download	base-75f767afa16a98fbebc1ea2dd34def1a864b2d8a.tar.gz