diff options
author | Jeff Sharkey <jsharkey@android.com> | 2018-08-07 15:02:17 -0600 |
---|---|---|
committer | android-build-team Robot <android-build-team-robot@google.com> | 2018-08-16 16:39:52 +0000 |
commit | 3a701f90e93472011d1be9b590de0234ec8f8a84 (patch) | |
tree | aa08ba29f7df01ceb11b341ae091c59a085fe0ca | |
parent | 48a49c740e0a8c615433081463bd359a219a8c14 (diff) | |
download | base-3a701f90e93472011d1be9b590de0234ec8f8a84.tar.gz |
DO NOT MERGE. Persistable Uri grants still require permissions.
When FLAG_GRANT_PERSISTABLE_URI_PERMISSION is requested, we still
need to check permissions between the source and target packages,
instead of shortcutting past them.
The spirit of the original change is remains intact: if the caller
requested FLAG_GRANT_PERSISTABLE_URI_PERMISSION, then we avoid
returning "-1", which would prevent the grant data structure from
being allocated.
Bug: 111934948
Test: atest android.appsecurity.cts.AppSecurityTests
Change-Id: Ief0fc922aa09fc3d9bb6a126c2ff5855347cd030
Merged-In: Ief0fc922aa09fc3d9bb6a126c2ff5855347cd030
(cherry picked from commit d6a6e7127cc341ca875d9d13cf7a864d9f20b479)
-rw-r--r-- | services/core/java/com/android/server/am/ActivityManagerService.java | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java index 19b25f0590a1..bbd2ca4cb394 100644 --- a/services/core/java/com/android/server/am/ActivityManagerService.java +++ b/services/core/java/com/android/server/am/ActivityManagerService.java @@ -9626,10 +9626,17 @@ public class ActivityManagerService extends IActivityManager.Stub } } - // If we're extending a persistable grant, then we always need to create - // the grant data structure so that take/release APIs work + // Figure out the value returned when access is allowed + final int allowedResult; if ((modeFlags & Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION) != 0) { - return targetUid; + // If we're extending a persistable grant, then we need to return + // "targetUid" so that we always create a grant data structure to + // support take/release APIs + allowedResult = targetUid; + } else { + // Otherwise, we can return "-1" to indicate that no grant data + // structures need to be created + allowedResult = -1; } if (targetUid >= 0) { @@ -9638,7 +9645,7 @@ public class ActivityManagerService extends IActivityManager.Stub // No need to grant the target this permission. if (DEBUG_URI_PERMISSION) Slog.v(TAG_URI_PERMISSION, "Target " + targetPkg + " already has full permission to " + grantUri); - return -1; + return allowedResult; } } else { // First... there is no target package, so can anyone access it? @@ -9673,7 +9680,7 @@ public class ActivityManagerService extends IActivityManager.Stub } } if (allowed) { - return -1; + return allowedResult; } } |