DO NOT MERGE. Grant MMS Uri permissions as the calling UID. am: 3eddf40675

am: 14b308de91 Change-Id: I3ae65230058cd51b4efb06358dae35dce419c04b
author: Jeff Sharkey <jsharkey@android.com> 2017-02-09 17:39:14 +0000
committer: android-build-merger <android-build-merger@google.com> 2017-02-09 17:39:14 +0000
commit: 19fd8e3f0688ebde5703ec6acd23f424d57990c7 (patch)
tree: 0d4b7dd81b74327cf84f851c6d7d4ea6c2ab2431
parent: 53e56405891d9616d4575148f4210ef01bd31083 (diff)
parent: 14b308de9150f6208c09efd991ecebef7d60c8c8 (diff)
3 files changed, 29 insertions, 2 deletions
diff --git a/core/java/android/app/ActivityManagerInternal.java b/core/java/android/app/ActivityManagerInternal.java
index d4f80a01ea53..28f84771e10c 100644
--- a/core/java/android/app/ActivityManagerInternal.java
+++ b/core/java/android/app/ActivityManagerInternal.java
@@ -61,6 +61,13 @@ public abstract class ActivityManagerInternal {
     public static final int APP_TRANSITION_TIMEOUT = 3;
 
     /**
+     * Grant Uri permissions from one app to another. This method only extends
+     * permission grants if {@code callingUid} has permission to them.
+     */
+    public abstract void grantUriPermissionFromIntent(int callingUid, String targetPkg,
+            Intent intent, int targetUserId);
+
+    /**
      * Verify that calling app has access to the given provider.
      */
     public abstract String checkContentProviderAccess(String authority, int userId);
diff --git a/services/core/java/com/android/server/MmsServiceBroker.java b/services/core/java/com/android/server/MmsServiceBroker.java
index 33f92344f615..54b2a25aa3bb 100644
--- a/services/core/java/com/android/server/MmsServiceBroker.java
+++ b/services/core/java/com/android/server/MmsServiceBroker.java
@@ -17,6 +17,7 @@
 package com.android.server;
 
 import android.Manifest;
+import android.app.ActivityManagerInternal;
 import android.app.AppOpsManager;
 import android.app.PendingIntent;
 import android.content.ComponentName;
@@ -499,13 +500,21 @@ public class MmsServiceBroker extends SystemService {
          */
         private Uri adjustUriForUserAndGrantPermission(Uri contentUri, String action,
                 int permission) {
+            final Intent grantIntent = new Intent();
+            grantIntent.setData(contentUri);
+            grantIntent.setFlags(permission);
+
+            final int callingUid = Binder.getCallingUid();
             final int callingUserId = UserHandle.getCallingUserId();
             if (callingUserId != UserHandle.USER_SYSTEM) {
                 contentUri = ContentProvider.maybeAddUserId(contentUri, callingUserId);
             }
+
             long token = Binder.clearCallingIdentity();
             try {
-                mContext.grantUriPermission(PHONE_PACKAGE_NAME, contentUri, permission);
+                LocalServices.getService(ActivityManagerInternal.class)
+                        .grantUriPermissionFromIntent(callingUid, PHONE_PACKAGE_NAME,
+                                grantIntent, UserHandle.USER_SYSTEM);
 
                 // Grant permission for the carrier app.
                 Intent intent = new Intent(action);
@@ -514,7 +523,9 @@ public class MmsServiceBroker extends SystemService {
                 List<String> carrierPackages = telephonyManager.getCarrierPackageNamesForIntent(
                         intent);
                 if (carrierPackages != null && carrierPackages.size() == 1) {
-                    mContext.grantUriPermission(carrierPackages.get(0), contentUri, permission);
+                    LocalServices.getService(ActivityManagerInternal.class)
+                            .grantUriPermissionFromIntent(callingUid, carrierPackages.get(0),
+                                    grantIntent, UserHandle.USER_SYSTEM);
                 }
             } finally {
                 Binder.restoreCallingIdentity(token);
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index e5e7c4d2889a..d6eb755503c9 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -21969,6 +21969,15 @@ public final class ActivityManagerService extends ActivityManagerNative
 
     private final class LocalService extends ActivityManagerInternal {
         @Override
+        public void grantUriPermissionFromIntent(int callingUid, String targetPkg, Intent intent,
+                int targetUserId) {
+            synchronized (ActivityManagerService.this) {
+                ActivityManagerService.this.grantUriPermissionFromIntentLocked(callingUid,
+                        targetPkg, intent, null, targetUserId);
+            }
+        }
+
+        @Override
         public String checkContentProviderAccess(String authority, int userId) {
             return ActivityManagerService.this.checkContentProviderAccess(authority, userId);
         }
author	Jeff Sharkey <jsharkey@android.com>	2017-02-09 17:39:14 +0000
committer	android-build-merger <android-build-merger@google.com>	2017-02-09 17:39:14 +0000
commit	19fd8e3f0688ebde5703ec6acd23f424d57990c7 (patch)
tree	0d4b7dd81b74327cf84f851c6d7d4ea6c2ab2431
parent	53e56405891d9616d4575148f4210ef01bd31083 (diff)
parent	14b308de9150f6208c09efd991ecebef7d60c8c8 (diff)