summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
author Jeff Sharkey <jsharkey@android.com> 2017-02-03 00:12:08 +0000
committer android-build-merger <android-build-merger@google.com> 2017-02-03 00:12:08 +0000
commit73f95823f83dec8632b6dd45c6610fd0d671add1 (patch)
tree4e8ec4ba6e1fbd6afaf4c23511a0046d7020ddc3
parentbf1c88f34e85c032f32f6d211958b83145a67222 (diff)
parent6f13f73b7332a86adb61dd23a725d36e5a9537d9 (diff)
DO NOT MERGE. No direct Uri grants from system.
am: 6f13f73b73 Change-Id: I28627832c3ec765d6761afbf3fc508d1069c9582
Diffstat
-rwxr-xr-xservices/core/java/com/android/server/am/ActivityManagerService.java7
1 files changed, 6 insertions, 1 deletions
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index 5805fb356b83..6bb1ebfae5e3 100755
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -7239,7 +7239,12 @@ public final class ActivityManagerService extends ActivityManagerNative
// Third... does the caller itself have permission to access
// this uri?
- if (UserHandle.getAppId(callingUid) != Process.SYSTEM_UID) {
+ final int callingAppId = UserHandle.getAppId(callingUid);
+ if ((callingAppId == Process.SYSTEM_UID) || (callingAppId == Process.ROOT_UID)) {
+ Slog.w(TAG, "For security reasons, the system cannot issue a Uri permission"
+ + " grant to " + grantUri + "; use startActivityAsCaller() instead");
+ return -1;
+ } else {
if (!checkHoldingPermissionsLocked(pm, pi, grantUri, callingUid, modeFlags)) {
// Require they hold a strong enough Uri permission
if (!checkUriPermissionLocked(grantUri, callingUid, modeFlags)) {
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-12-11 07:22:33 +0000