diff options
| author | 2024-09-19 11:57:12 -0700 | |
|---|---|---|
| committer | 2025-01-08 10:50:55 -0800 | |
| commit | 97e34e5a6bfa57236995550c5d1d12f979c29ab6 (patch) | |
| tree | 5cabdb120558d026b5c055090b9a08f0e2bef9e2 | |
| parent | d87d678b1480e42c9c9d5b50d7b4b9a7585f5647 (diff) | |
[RESTRICT AUTOMERGE] Parse authority to separate userId and non-user parts of it
Callers may pass an authority of type `10@com.example` to this API. We
must make sure to only find providers with authority `com.example` installed
in user 10.
Bug: 350456241
Test: sts-tradefed run sts-dynamic-develop -m CtsSecurityTestCases -t android.security.cts.ContentProviderMultiUserTests#testAccessFromInitialUser --user-type PRIMARY
Test: sts-tradefed run sts-dynamic-develop -m CtsSecurityTestCases -t android.security.cts.ContentProviderMultiUserTests --user-type SECONDARY
Flag: EXEMPT. Bug fix only
Change-Id: I737a435795698bdc612dc3bf88c31e5c8f9c17a6
(cherry picked from commit d1ec2efc0b8941a0585712d5b4cec95fd9f12f17)
| -rw-r--r-- | services/core/java/com/android/server/pm/ComputerEngine.java | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/services/core/java/com/android/server/pm/ComputerEngine.java b/services/core/java/com/android/server/pm/ComputerEngine.java index 27be468f3ca6..f6253e1f5aae 100644 --- a/services/core/java/com/android/server/pm/ComputerEngine.java +++ b/services/core/java/com/android/server/pm/ComputerEngine.java @@ -67,6 +67,7 @@ import android.annotation.UserIdInt; import android.app.ActivityManager; import android.app.admin.DevicePolicyManagerInternal; import android.content.ComponentName; +import android.content.ContentProvider; import android.content.Context; import android.content.Intent; import android.content.IntentFilter; @@ -4672,8 +4673,14 @@ public class ComputerEngine implements Computer { int callingUid) { if (!mUserManager.exists(userId)) return null; flags = updateFlagsForComponent(flags, userId); - final ProviderInfo providerInfo = mComponentResolver.queryProvider(this, name, flags, - userId); + + // Callers of this API may not always separate the userID and authority. Let's parse it + // before resolving + String authorityWithoutUserId = ContentProvider.getAuthorityWithoutUserId(name); + userId = ContentProvider.getUserIdFromAuthority(name, userId); + + final ProviderInfo providerInfo = mComponentResolver.queryProvider(this, + authorityWithoutUserId, flags, userId); boolean checkedGrants = false; if (providerInfo != null) { // Looking for cross-user grants before enforcing the typical cross-users permissions @@ -4687,7 +4694,7 @@ public class ComputerEngine implements Computer { if (!checkedGrants) { boolean enforceCrossUser = true; - if (isAuthorityRedirectedForCloneProfile(name)) { + if (isAuthorityRedirectedForCloneProfile(authorityWithoutUserId)) { final UserManagerInternal umInternal = mInjector.getUserManagerInternal(); UserInfo userInfo = umInternal.getUserInfo(UserHandle.getUserId(callingUid)); |