Google Git
Sign in
android / platform / frameworks / base / 962fb40991f15be4f688d960aa00073683ebdd20^! / .
commit962fb40991f15be4f688d960aa00073683ebdd20[log] [tgz]
authorJeff Sharkey <jsharkey@android.com>Tue Aug 07 15:02:17 2018 -0600
committerandroid-build-team Robot <android-build-team-robot@google.com>Thu Aug 16 16:01:38 2018 +0000
treeaa08ba29f7df01ceb11b341ae091c59a085fe0ca
parent4bfc7a5dbba1515975f202d7a545cf7fe42bc021 [diff]
DO NOT MERGE. Persistable Uri grants still require permissions.

When FLAG_GRANT_PERSISTABLE_URI_PERMISSION is requested, we still
need to check permissions between the source and target packages,
instead of shortcutting past them.

The spirit of the original change is remains intact: if the caller
requested FLAG_GRANT_PERSISTABLE_URI_PERMISSION, then we avoid
returning "-1", which would prevent the grant data structure from
being allocated.

Bug: 111934948
Test: atest android.appsecurity.cts.AppSecurityTests
Change-Id: Ief0fc922aa09fc3d9bb6a126c2ff5855347cd030
Merged-In: Ief0fc922aa09fc3d9bb6a126c2ff5855347cd030
(cherry picked from commit d6a6e7127cc341ca875d9d13cf7a864d9f20b479)

diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index 19b25f0..bbd2ca4 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java

@@ -9626,10 +9626,17 @@
             }
         }
 
-        // If we're extending a persistable grant, then we always need to create
-        // the grant data structure so that take/release APIs work
+        // Figure out the value returned when access is allowed
+        final int allowedResult;
         if ((modeFlags & Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION) != 0) {
-            return targetUid;
+            // If we're extending a persistable grant, then we need to return
+            // "targetUid" so that we always create a grant data structure to
+            // support take/release APIs
+            allowedResult = targetUid;
+        } else {
+            // Otherwise, we can return "-1" to indicate that no grant data
+            // structures need to be created
+            allowedResult = -1;
         }
 
         if (targetUid >= 0) {
@@ -9638,7 +9645,7 @@
                 // No need to grant the target this permission.
                 if (DEBUG_URI_PERMISSION) Slog.v(TAG_URI_PERMISSION,
                         "Target " + targetPkg + " already has full permission to " + grantUri);
-                return -1;
+                return allowedResult;
             }
         } else {
             // First...  there is no target package, so can anyone access it?
@@ -9673,7 +9680,7 @@
                 }
             }
             if (allowed) {
-                return -1;
+                return allowedResult;
             }
         }