Google Git
Sign in
android / platform / frameworks / base / dba1bb07e04b51b1bd0a1251711781e731ce9524
commitdba1bb07e04b51b1bd0a1251711781e731ce9524[log] [tgz]
authorJeff Sharkey <jsharkey@android.com>Mon Jun 12 17:33:07 2017 -0600
committerJeff Sharkey <jsharkey@google.com>Tue Oct 03 20:35:10 2017 +0000
tree60ebda3453d0a92ecb1e4b5954e2d9eb8c3645dd
parent995627c3ee75dce1ebf6338012cba60d68fe94f0 [diff]
DO NOT MERGE. KEY_INTENT shouldn't grant permissions.

KEY_INTENT has no business granting any Uri permissions, so remove
any grant flags that malicious apps may have tried sneaking in.

Also fix ordering bug in general-purpose security check that was
allowing FLAG_GRANT_PERSISTABLE to bypass it.

Test: builds, boots
Bug: 32990341, 32879915
Change-Id: I657455a770c81f045ccce6abbd2291407a1cfb42
(cherry picked from commit d722e780bac7685e8a012b5f479eba8c348c3c53)
2 files changed
tree: 60ebda3453d0a92ecb1e4b5954e2d9eb8c3645dd
  1. apct-tests/
  2. api/
  3. cmds/
  4. core/
  5. data/
  6. docs/
  7. drm/
  8. graphics/
  9. keystore/
  10. legacy-test/
  11. libs/
  12. location/
  13. media/
  14. native/
  15. nfc-extras/
  16. obex/
  17. opengl/
  18. packages/
  19. proto/
  20. rs/
  21. samples/
  22. sax/
  23. services/
  24. telecomm/
  25. telephony/
  26. test-runner/
  27. tests/
  28. tools/
  29. vr/
  30. wifi/
  31. Android.bp
  32. Android.mk
  33. CleanSpec.mk
  34. compiled-classes-phone
  35. MODULE_LICENSE_APACHE2
  36. NOTICE
  37. pathmap.mk
  38. preloaded-classes
  39. PREUPLOAD.cfg