diff options
author | Jeff Sharkey <jsharkey@android.com> | 2017-02-12 09:51:37 +0000 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2017-02-12 09:51:37 +0000 |
commit | 75f767afa16a98fbebc1ea2dd34def1a864b2d8a (patch) | |
tree | 0dd7be4d58361dd8c7c9cbcbcaabf0b3ac3dc578 | |
parent | b4c5c522e3c790a743ba6a8e2056359c08f60026 (diff) | |
parent | 32c71b078c01d7469ad45248ff086d08788cb28a (diff) | |
download | base-75f767afa16a98fbebc1ea2dd34def1a864b2d8a.tar.gz |
DO NOT MERGE. Grant MMS Uri permissions as the calling UID. am: 3f3da42ef9
am: 32c71b078c
Change-Id: I1af83dbf9869bd93ecc5c07e1ce6155206f73290
3 files changed, 30 insertions, 2 deletions
diff --git a/core/java/android/app/ActivityManagerInternal.java b/core/java/android/app/ActivityManagerInternal.java index 579b307efac6..1fbc12771717 100644 --- a/core/java/android/app/ActivityManagerInternal.java +++ b/core/java/android/app/ActivityManagerInternal.java @@ -18,6 +18,7 @@ package android.app; import android.annotation.NonNull; import android.content.ComponentName; +import android.content.Intent; /** * Activity manager local system service interface. @@ -26,6 +27,13 @@ import android.content.ComponentName; */ public abstract class ActivityManagerInternal { /** + * Grant Uri permissions from one app to another. This method only extends + * permission grants if {@code callingUid} has permission to them. + */ + public abstract void grantUriPermissionFromIntent(int callingUid, String targetPkg, + Intent intent, int targetUserId); + + /** * Verify that calling app has access to the given provider. */ public abstract String checkContentProviderAccess(String authority, int userId); diff --git a/services/core/java/com/android/server/MmsServiceBroker.java b/services/core/java/com/android/server/MmsServiceBroker.java index e0352e091af7..ba25f46f77ee 100644 --- a/services/core/java/com/android/server/MmsServiceBroker.java +++ b/services/core/java/com/android/server/MmsServiceBroker.java @@ -17,6 +17,7 @@ package com.android.server; import android.Manifest; +import android.app.ActivityManagerInternal; import android.app.AppOpsManager; import android.app.PendingIntent; import android.content.ComponentName; @@ -499,13 +500,21 @@ public class MmsServiceBroker extends SystemService { */ private Uri adjustUriForUserAndGrantPermission(Uri contentUri, String action, int permission) { + final Intent grantIntent = new Intent(); + grantIntent.setData(contentUri); + grantIntent.setFlags(permission); + + final int callingUid = Binder.getCallingUid(); final int callingUserId = UserHandle.getCallingUserId(); if (callingUserId != UserHandle.USER_OWNER) { contentUri = ContentProvider.maybeAddUserId(contentUri, callingUserId); } + long token = Binder.clearCallingIdentity(); try { - mContext.grantUriPermission(PHONE_PACKAGE_NAME, contentUri, permission); + LocalServices.getService(ActivityManagerInternal.class) + .grantUriPermissionFromIntent(callingUid, PHONE_PACKAGE_NAME, + grantIntent, UserHandle.USER_OWNER); // Grant permission for the carrier app. Intent intent = new Intent(action); @@ -514,7 +523,9 @@ public class MmsServiceBroker extends SystemService { List<String> carrierPackages = telephonyManager.getCarrierPackageNamesForIntent( intent); if (carrierPackages != null && carrierPackages.size() == 1) { - mContext.grantUriPermission(carrierPackages.get(0), contentUri, permission); + LocalServices.getService(ActivityManagerInternal.class) + .grantUriPermissionFromIntent(callingUid, carrierPackages.get(0), + grantIntent, UserHandle.USER_OWNER); } } finally { Binder.restoreCallingIdentity(token); diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java index 26fb46ab5ed6..ce0670e0f4ba 100644 --- a/services/core/java/com/android/server/am/ActivityManagerService.java +++ b/services/core/java/com/android/server/am/ActivityManagerService.java @@ -20673,6 +20673,15 @@ public final class ActivityManagerService extends ActivityManagerNative private final class LocalService extends ActivityManagerInternal { @Override + public void grantUriPermissionFromIntent(int callingUid, String targetPkg, Intent intent, + int targetUserId) { + synchronized (ActivityManagerService.this) { + ActivityManagerService.this.grantUriPermissionFromIntentLocked(callingUid, + targetPkg, intent, null, targetUserId); + } + } + + @Override public String checkContentProviderAccess(String authority, int userId) { return ActivityManagerService.this.checkContentProviderAccess(authority, userId); } |