Persistable Uri grants still require permissions.

When FLAG_GRANT_PERSISTABLE_URI_PERMISSION is requested, we still need to check permissions between the source and target packages, instead of shortcutting past them. The spirit of the original change is remains intact: if the caller requested FLAG_GRANT_PERSISTABLE_URI_PERMISSION, then we avoid returning "-1", which would prevent the grant data structure from being allocated. Bug: 111934948 Test: atest android.appsecurity.cts.AppSecurityTests Change-Id: Ief0fc922aa09fc3d9bb6a126c2ff5855347cd030
author: Jeff Sharkey <jsharkey@android.com> 2018-08-07 14:45:22 -0600
committer: Jeff Sharkey <jsharkey@android.com> 2018-08-07 14:45:24 -0600
commit: 31570a2e9b6d88fa2ed4f0b22491b25ad365e4dd (patch)
tree: 81545d90db2184cc9ce1d2c5e6881effc62a8ceb
parent: b1406c004f98c2a783677475511fa8c6f3c51af3 (diff)
1 files changed, 12 insertions, 5 deletions
diff --git a/services/core/java/com/android/server/uri/UriGrantsManagerService.java b/services/core/java/com/android/server/uri/UriGrantsManagerService.java
index 1b5ffda946d2..a731e9b01f56 100644
--- a/services/core/java/com/android/server/uri/UriGrantsManagerService.java
+++ b/services/core/java/com/android/server/uri/UriGrantsManagerService.java
@@ -1062,10 +1062,17 @@ public class UriGrantsManagerService extends IUriGrantsManager.Stub {
             }
         }
 
-        // If we're extending a persistable grant, then we always need to create
-        // the grant data structure so that take/release APIs work
+        // Figure out the value returned when access is allowed
+        final int allowedResult;
         if ((modeFlags & Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION) != 0) {
-            return targetUid;
+            // If we're extending a persistable grant, then we need to return
+            // "targetUid" so that we always create a grant data structure to
+            // support take/release APIs
+            allowedResult = targetUid;
+        } else {
+            // Otherwise, we can return "-1" to indicate that no grant data
+            // structures need to be created
+            allowedResult = -1;
         }
 
         if (targetUid >= 0) {
@@ -1074,7 +1081,7 @@ public class UriGrantsManagerService extends IUriGrantsManager.Stub {
                 // No need to grant the target this permission.
                 if (DEBUG) Slog.v(TAG,
                         "Target " + targetPkg + " already has full permission to " + grantUri);
-                return -1;
+                return allowedResult;
             }
         } else {
             // First...  there is no target package, so can anyone access it?
@@ -1109,7 +1116,7 @@ public class UriGrantsManagerService extends IUriGrantsManager.Stub {
                 }
             }
             if (allowed) {
-                return -1;
+                return allowedResult;
             }
         }
author	Jeff Sharkey <jsharkey@android.com>	2018-08-07 14:45:22 -0600
committer	Jeff Sharkey <jsharkey@android.com>	2018-08-07 14:45:24 -0600
commit	31570a2e9b6d88fa2ed4f0b22491b25ad365e4dd (patch)
tree	81545d90db2184cc9ce1d2c5e6881effc62a8ceb
parent	b1406c004f98c2a783677475511fa8c6f3c51af3 (diff)