diff options
author | Jeff Sharkey <jsharkey@android.com> | 2018-08-07 15:02:17 -0600 |
---|---|---|
committer | android-build-team Robot <android-build-team-robot@google.com> | 2018-08-16 01:20:02 +0000 |
commit | ab8e82d8181a2011af40957fdd1d3b4882620899 (patch) | |
tree | 6be18e2f880c289b8eff0be9b4888f930291f3bd | |
parent | 89be24c647c93fb58733cdd3d06dfd5058776ae1 (diff) | |
download | base-ab8e82d8181a2011af40957fdd1d3b4882620899.tar.gz |
DO NOT MERGE. Persistable Uri grants still require permissions.
When FLAG_GRANT_PERSISTABLE_URI_PERMISSION is requested, we still
need to check permissions between the source and target packages,
instead of shortcutting past them.
The spirit of the original change is remains intact: if the caller
requested FLAG_GRANT_PERSISTABLE_URI_PERMISSION, then we avoid
returning "-1", which would prevent the grant data structure from
being allocated.
Bug: 111934948
Test: atest android.appsecurity.cts.AppSecurityTests
Change-Id: Ief0fc922aa09fc3d9bb6a126c2ff5855347cd030
Merged-In: Ief0fc922aa09fc3d9bb6a126c2ff5855347cd030
(cherry picked from commit 05519b7e3d0f3d16ddfe6ee3892c8468a2c10c62)
-rw-r--r-- | services/core/java/com/android/server/am/ActivityManagerService.java | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java index 4a2d9c9ca5a4..366e533168d0 100644 --- a/services/core/java/com/android/server/am/ActivityManagerService.java +++ b/services/core/java/com/android/server/am/ActivityManagerService.java @@ -8841,10 +8841,17 @@ public class ActivityManagerService extends IActivityManager.Stub } } - // If we're extending a persistable grant, then we always need to create - // the grant data structure so that take/release APIs work + // Figure out the value returned when access is allowed + final int allowedResult; if ((modeFlags & Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION) != 0) { - return targetUid; + // If we're extending a persistable grant, then we need to return + // "targetUid" so that we always create a grant data structure to + // support take/release APIs + allowedResult = targetUid; + } else { + // Otherwise, we can return "-1" to indicate that no grant data + // structures need to be created + allowedResult = -1; } if (targetUid >= 0) { @@ -8853,7 +8860,7 @@ public class ActivityManagerService extends IActivityManager.Stub // No need to grant the target this permission. if (DEBUG_URI_PERMISSION) Slog.v(TAG_URI_PERMISSION, "Target " + targetPkg + " already has full permission to " + grantUri); - return -1; + return allowedResult; } } else { // First... there is no target package, so can anyone access it? @@ -8869,7 +8876,7 @@ public class ActivityManagerService extends IActivityManager.Stub } } if (allowed) { - return -1; + return allowedResult; } } |