diff options
| author | 2022-09-05 05:29:07 +0000 | |
|---|---|---|
| committer | 2022-09-05 05:29:07 +0000 | |
| commit | bfe7ba994dbaab0c0a36b1e5c895d2f434ceef87 (patch) | |
| tree | 095c5cce793728ee6cd01a788b28870dd18b4d5a | |
| parent | 4c4c6abec0d85c3f089156ddcb68d037580df62c (diff) | |
| parent | 0796251fdb44f8cc31fdcd04cf2132c51a99e0c7 (diff) | |
Merge "Revert "Honor app visibility when get MIME type from ContentProvider""
| -rw-r--r-- | services/core/java/com/android/server/am/ContentProviderHelper.java | 66 |
1 files changed, 26 insertions, 40 deletions
diff --git a/services/core/java/com/android/server/am/ContentProviderHelper.java b/services/core/java/com/android/server/am/ContentProviderHelper.java index 78629b04cff2..a36c298c9848 100644 --- a/services/core/java/com/android/server/am/ContentProviderHelper.java +++ b/services/core/java/com/android/server/am/ContentProviderHelper.java @@ -29,7 +29,6 @@ import static com.android.server.am.ActivityManagerDebugConfig.DEBUG_MU; import static com.android.server.am.ActivityManagerService.TAG_MU; import static com.android.server.am.ProcessProfileRecord.HOSTING_COMPONENT_TYPE_PROVIDER; -import android.annotation.Nullable; import android.annotation.UserIdInt; import android.app.ActivityManager; import android.app.ActivityManagerInternal; @@ -49,6 +48,7 @@ import android.content.Intent; import android.content.pm.ApplicationInfo; import android.content.pm.PackageInfo; import android.content.pm.PackageManager; +import android.content.pm.PackageManagerInternal; import android.content.pm.PathPermission; import android.content.pm.ProviderInfo; import android.content.pm.UserInfo; @@ -960,22 +960,20 @@ public class ContentProviderHelper { String getProviderMimeType(Uri uri, int userId) { mService.enforceNotIsolatedCaller("getProviderMimeType"); final String name = uri.getAuthority(); - final int callingUid = Binder.getCallingUid(); - final int callingPid = Binder.getCallingPid(); - final int safeUserId = mService.mUserController.unsafeConvertIncomingUser(userId); - final long ident = canClearIdentity(callingPid, callingUid, safeUserId) - ? Binder.clearCallingIdentity() : 0; - final ContentProviderHolder holder; - try { - holder = getContentProviderExternalUnchecked(name, null, callingUid, - "*getmimetype*", safeUserId); - } finally { - if (ident != 0) { - Binder.restoreCallingIdentity(ident); - } + int callingUid = Binder.getCallingUid(); + int callingPid = Binder.getCallingPid(); + long ident = 0; + boolean clearedIdentity = false; + userId = mService.mUserController.unsafeConvertIncomingUser(userId); + if (canClearIdentity(callingPid, callingUid, userId)) { + clearedIdentity = true; + ident = Binder.clearCallingIdentity(); } + ContentProviderHolder holder = null; try { - if (isHolderVisibleToCaller(holder, callingUid, safeUserId)) { + holder = getContentProviderExternalUnchecked(name, null, callingUid, + "*getmimetype*", userId); + if (holder != null) { final IBinder providerConnection = holder.connection; final ComponentName providerName = holder.info.getComponentName(); // Note: creating a new Runnable instead of using a lambda here since lambdas in @@ -1004,13 +1002,15 @@ public class ContentProviderHelper { return null; } finally { // We need to clear the identity to call removeContentProviderExternalUnchecked - final long token = Binder.clearCallingIdentity(); + if (!clearedIdentity) { + ident = Binder.clearCallingIdentity(); + } try { if (holder != null) { - removeContentProviderExternalUnchecked(name, null /* token */, safeUserId); + removeContentProviderExternalUnchecked(name, null, userId); } } finally { - Binder.restoreCallingIdentity(token); + Binder.restoreCallingIdentity(ident); } } @@ -1029,20 +1029,12 @@ public class ContentProviderHelper { final int callingUid = Binder.getCallingUid(); final int callingPid = Binder.getCallingPid(); final int safeUserId = mService.mUserController.unsafeConvertIncomingUser(userId); - final long ident = canClearIdentity(callingPid, callingUid, safeUserId) + final long ident = canClearIdentity(callingPid, callingUid, userId) ? Binder.clearCallingIdentity() : 0; - final ContentProviderHolder holder; try { - holder = getContentProviderExternalUnchecked(name, null /* token */, + final ContentProviderHolder holder = getContentProviderExternalUnchecked(name, null, callingUid, "*getmimetype*", safeUserId); - } finally { - if (ident != 0) { - Binder.restoreCallingIdentity(ident); - } - } - - try { - if (isHolderVisibleToCaller(holder, callingUid, safeUserId)) { + if (holder != null) { holder.provider.getTypeAsync(uri, new RemoteCallback(result -> { final long identity = Binder.clearCallingIdentity(); try { @@ -1058,6 +1050,8 @@ public class ContentProviderHelper { } catch (RemoteException e) { Log.w(TAG, "Content provider dead retrieving " + uri, e); resultCallback.sendResult(Bundle.EMPTY); + } finally { + Binder.restoreCallingIdentity(ident); } } @@ -1073,16 +1067,6 @@ public class ContentProviderHelper { callingUid, -1, true) == PackageManager.PERMISSION_GRANTED; } - private boolean isHolderVisibleToCaller(@Nullable ContentProviderHolder holder, int callingUid, - @UserIdInt int userId) { - if (holder == null || holder.info == null) { - return false; - } - - return !mService.getPackageManagerInternal() - .filterAppAccess(holder.info.packageName, callingUid, userId); - } - /** * Check if the calling UID has a possible chance at accessing the provider * at the given authority and user. @@ -1151,7 +1135,9 @@ public class ContentProviderHelper { "*checkContentProviderUriPermission*", userId); if (holder != null) { - final AndroidPackage androidPackage = mService.getPackageManagerInternal() + final PackageManagerInternal packageManagerInt = LocalServices.getService( + PackageManagerInternal.class); + final AndroidPackage androidPackage = packageManagerInt .getPackage(Binder.getCallingUid()); if (androidPackage == null) { return PackageManager.PERMISSION_DENIED; |