Merge "Validate URI-based shortcut icon at creation time." into rvc-dev am: bdcf6b3c0f am: bf3e2fd99a am: 37fbb483b2 am: ac61b7d030 am: f9a2bcf245 am: 6824374b6b am: 88d743c868 am: 3b18ce1510

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/24046929 Change-Id: Ic87fa8f5129fff7e45a1226d573d34fd6eb24f36 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
author: Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com> 2023-09-06 03:15:50 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2023-09-06 03:15:50 +0000
commit: 12fd5027fb42f6a92663e9c3d1a89430f390d3fa (patch)
tree: 11b6fb52cef3d034c731e427a2e9e6afcce3019e
parent: ee3b862f64e7cfb11730a66d8d46eb125940c141 (diff)
parent: 3b18ce1510e0762cc56467ec7d4990ab45cc9bfc (diff)
1 files changed, 22 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/pm/ShortcutService.java b/services/core/java/com/android/server/pm/ShortcutService.java
index 710e0b72ecfb..dd434fbeecb4 100644
--- a/services/core/java/com/android/server/pm/ShortcutService.java
+++ b/services/core/java/com/android/server/pm/ShortcutService.java
@@ -37,6 +37,7 @@ import android.app.usage.UsageStatsManagerInternal;
 import android.appwidget.AppWidgetProviderInfo;
 import android.content.BroadcastReceiver;
 import android.content.ComponentName;
+import android.content.ContentProvider;
 import android.content.Context;
 import android.content.Intent;
 import android.content.IntentFilter;
@@ -1927,11 +1928,32 @@ public class ShortcutService extends IShortcutService.Stub {
         }
         if (shortcut.getIcon() != null) {
             ShortcutInfo.validateIcon(shortcut.getIcon());
+            validateIconURI(shortcut);
         }
 
         shortcut.replaceFlags(shortcut.getFlags() & ShortcutInfo.FLAG_LONG_LIVED);
     }
 
+    // Validates the calling process has permission to access shortcut icon's image uri
+    private void validateIconURI(@NonNull final ShortcutInfo si) {
+        final int callingUid = injectBinderCallingUid();
+        final Icon icon = si.getIcon();
+        if (icon == null) {
+            // There's no icon in this shortcut, nothing to validate here.
+            return;
+        }
+        int iconType = icon.getType();
+        if (iconType != Icon.TYPE_URI && iconType != Icon.TYPE_URI_ADAPTIVE_BITMAP) {
+            // The icon is not URI-based, nothing to validate.
+            return;
+        }
+        final Uri uri = icon.getUri();
+        mUriGrantsManagerInternal.checkGrantUriPermission(callingUid, si.getPackage(),
+                ContentProvider.getUriWithoutUserId(uri),
+                Intent.FLAG_GRANT_READ_URI_PERMISSION,
+                ContentProvider.getUserIdFromUri(uri, UserHandle.getUserId(callingUid)));
+    }
+
     private void fixUpIncomingShortcutInfo(@NonNull ShortcutInfo shortcut, boolean forUpdate) {
         fixUpIncomingShortcutInfo(shortcut, forUpdate, /*forPinRequest=*/ false);
     }
author	Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com>	2023-09-06 03:15:50 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-09-06 03:15:50 +0000
commit	12fd5027fb42f6a92663e9c3d1a89430f390d3fa (patch)
tree	11b6fb52cef3d034c731e427a2e9e6afcce3019e
parent	ee3b862f64e7cfb11730a66d8d46eb125940c141 (diff)
parent	3b18ce1510e0762cc56467ec7d4990ab45cc9bfc (diff)