Merge "Validate URI-based shortcut icon at creation time." into rvc-dev am: bdcf6b3c0f

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/24046929 Change-Id: I1d89b4711b7ffaeba8360ff284c89745b8e57dfe Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
author: Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com> 2023-09-05 21:53:13 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2023-09-05 21:53:13 +0000
commit: bf3e2fd99a325e5eb2302c4d89c860aa829ad8ff (patch)
tree: 4dfcd6da07c662280e9d907c111dede063a93d06
parent: fc881f5dea0fef950c57db8e0ec14ea965da628e (diff)
parent: bdcf6b3c0f2d23661b115d393fd328012ea641ca (diff)
1 files changed, 22 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/pm/ShortcutService.java b/services/core/java/com/android/server/pm/ShortcutService.java
index c3375d9346e5..27d6f2486e43 100644
--- a/services/core/java/com/android/server/pm/ShortcutService.java
+++ b/services/core/java/com/android/server/pm/ShortcutService.java
@@ -30,6 +30,7 @@ import android.app.usage.UsageStatsManagerInternal;
 import android.appwidget.AppWidgetProviderInfo;
 import android.content.BroadcastReceiver;
 import android.content.ComponentName;
+import android.content.ContentProvider;
 import android.content.Context;
 import android.content.Intent;
 import android.content.IntentFilter;
@@ -1804,11 +1805,32 @@ public class ShortcutService extends IShortcutService.Stub {
         }
         if (shortcut.getIcon() != null) {
             ShortcutInfo.validateIcon(shortcut.getIcon());
+            validateIconURI(shortcut);
         }
 
         shortcut.replaceFlags(shortcut.getFlags() & ShortcutInfo.FLAG_LONG_LIVED);
     }
 
+    // Validates the calling process has permission to access shortcut icon's image uri
+    private void validateIconURI(@NonNull final ShortcutInfo si) {
+        final int callingUid = injectBinderCallingUid();
+        final Icon icon = si.getIcon();
+        if (icon == null) {
+            // There's no icon in this shortcut, nothing to validate here.
+            return;
+        }
+        int iconType = icon.getType();
+        if (iconType != Icon.TYPE_URI && iconType != Icon.TYPE_URI_ADAPTIVE_BITMAP) {
+            // The icon is not URI-based, nothing to validate.
+            return;
+        }
+        final Uri uri = icon.getUri();
+        mUriGrantsManagerInternal.checkGrantUriPermission(callingUid, si.getPackage(),
+                ContentProvider.getUriWithoutUserId(uri),
+                Intent.FLAG_GRANT_READ_URI_PERMISSION,
+                ContentProvider.getUserIdFromUri(uri, UserHandle.getUserId(callingUid)));
+    }
+
     private void fixUpIncomingShortcutInfo(@NonNull ShortcutInfo shortcut, boolean forUpdate) {
         fixUpIncomingShortcutInfo(shortcut, forUpdate, /*forPinRequest=*/ false);
     }
author	Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com>	2023-09-05 21:53:13 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-09-05 21:53:13 +0000
commit	bf3e2fd99a325e5eb2302c4d89c860aa829ad8ff (patch)
tree	4dfcd6da07c662280e9d907c111dede063a93d06
parent	fc881f5dea0fef950c57db8e0ec14ea965da628e (diff)
parent	bdcf6b3c0f2d23661b115d393fd328012ea641ca (diff)