summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--services/core/java/com/android/server/uri/UriGrantsManagerService.java13
-rw-r--r--services/tests/servicestests/src/com/android/server/uri/UriGrantsManagerServiceTest.java16
-rw-r--r--services/tests/servicestests/src/com/android/server/uri/UriGrantsMockContext.java26
3 files changed, 47 insertions, 8 deletions
diff --git a/services/core/java/com/android/server/uri/UriGrantsManagerService.java b/services/core/java/com/android/server/uri/UriGrantsManagerService.java
index b8c2f90cf047..6734ce76675d 100644
--- a/services/core/java/com/android/server/uri/UriGrantsManagerService.java
+++ b/services/core/java/com/android/server/uri/UriGrantsManagerService.java
@@ -1126,17 +1126,18 @@ public class UriGrantsManagerService extends IUriGrantsManager.Stub {
}
}
}
- if (pi.forceUriPermissions) {
- // When provider requires dynamic permission checks, the only
- // way to be safe is to issue permission grants for each item by
- // assuming no generic access
- allowed = false;
- }
if (allowed) {
targetHoldsPermission = true;
}
}
+ if (pi.forceUriPermissions) {
+ // When provider requires dynamic permission checks, the only
+ // way to be safe is to issue permission grants for each item by
+ // assuming no generic access
+ targetHoldsPermission = false;
+ }
+
final boolean basicGrant = (modeFlags & ~(FLAG_GRANT_READ_URI_PERMISSION
| FLAG_GRANT_WRITE_URI_PERMISSION)) == 0;
if (basicGrant && targetHoldsPermission) {
diff --git a/services/tests/servicestests/src/com/android/server/uri/UriGrantsManagerServiceTest.java b/services/tests/servicestests/src/com/android/server/uri/UriGrantsManagerServiceTest.java
index cf1978ec47a1..e5486473e93b 100644
--- a/services/tests/servicestests/src/com/android/server/uri/UriGrantsManagerServiceTest.java
+++ b/services/tests/servicestests/src/com/android/server/uri/UriGrantsManagerServiceTest.java
@@ -21,14 +21,17 @@ import static com.android.server.uri.UriGrantsMockContext.FLAG_PREFIX;
import static com.android.server.uri.UriGrantsMockContext.FLAG_READ;
import static com.android.server.uri.UriGrantsMockContext.PKG_CAMERA;
import static com.android.server.uri.UriGrantsMockContext.PKG_COMPLEX;
+import static com.android.server.uri.UriGrantsMockContext.PKG_FORCE;
import static com.android.server.uri.UriGrantsMockContext.PKG_SOCIAL;
import static com.android.server.uri.UriGrantsMockContext.UID_PRIMARY_CAMERA;
import static com.android.server.uri.UriGrantsMockContext.UID_PRIMARY_COMPLEX;
+import static com.android.server.uri.UriGrantsMockContext.UID_PRIMARY_FORCE;
import static com.android.server.uri.UriGrantsMockContext.UID_PRIMARY_PRIVATE;
import static com.android.server.uri.UriGrantsMockContext.UID_PRIMARY_PUBLIC;
import static com.android.server.uri.UriGrantsMockContext.UID_PRIMARY_SOCIAL;
import static com.android.server.uri.UriGrantsMockContext.UID_SECONDARY_CAMERA;
import static com.android.server.uri.UriGrantsMockContext.UID_SECONDARY_SOCIAL;
+import static com.android.server.uri.UriGrantsMockContext.URI_FORCE;
import static com.android.server.uri.UriGrantsMockContext.URI_PHOTO_1;
import static com.android.server.uri.UriGrantsMockContext.URI_PRIVATE;
import static com.android.server.uri.UriGrantsMockContext.URI_PUBLIC;
@@ -125,6 +128,19 @@ public class UriGrantsManagerServiceTest {
}
/**
+ * Verify that {@link ProviderInfo#forceUriPermissions} forces permission
+ * grants, even when receiver already holds permission.
+ */
+ @Test
+ public void testNeeded_force() {
+ final Intent intent = new Intent(Intent.ACTION_VIEW, URI_FORCE)
+ .addFlags(FLAG_READ);
+ final NeededUriGrants needed = mService.checkGrantUriPermissionFromIntent(
+ UID_PRIMARY_FORCE, PKG_FORCE, intent, intent.getFlags(), null, USER_PRIMARY);
+ assertEquals(asSet(new GrantUri(USER_PRIMARY, URI_FORCE, 0)), needed.uris);
+ }
+
+ /**
* Verify that we can't grant permissions to top level of a provider with
* complex permission model.
*/
diff --git a/services/tests/servicestests/src/com/android/server/uri/UriGrantsMockContext.java b/services/tests/servicestests/src/com/android/server/uri/UriGrantsMockContext.java
index 989928dbbcc4..d5aee5d208f5 100644
--- a/services/tests/servicestests/src/com/android/server/uri/UriGrantsMockContext.java
+++ b/services/tests/servicestests/src/com/android/server/uri/UriGrantsMockContext.java
@@ -62,6 +62,8 @@ public class UriGrantsMockContext extends ContextWrapper {
static final String PKG_PRIVATE = "com.example.private";
/** Completely public app/provider that needs no grants */
static final String PKG_PUBLIC = "com.example.public";
+ /** Completely public app/provider that forces grants */
+ static final String PKG_FORCE = "com.example.force";
/** Complex provider that offers nested grants */
static final String PKG_COMPLEX = "com.example.complex";
@@ -69,24 +71,28 @@ public class UriGrantsMockContext extends ContextWrapper {
private static final int UID_CAMERA = android.os.Process.LAST_APPLICATION_UID - 2;
private static final int UID_PRIVATE = android.os.Process.LAST_APPLICATION_UID - 3;
private static final int UID_PUBLIC = android.os.Process.LAST_APPLICATION_UID - 4;
- private static final int UID_COMPLEX = android.os.Process.LAST_APPLICATION_UID - 5;
+ private static final int UID_FORCE = android.os.Process.LAST_APPLICATION_UID - 5;
+ private static final int UID_COMPLEX = android.os.Process.LAST_APPLICATION_UID - 6;
static final int UID_PRIMARY_SOCIAL = UserHandle.getUid(USER_PRIMARY, UID_SOCIAL);
static final int UID_PRIMARY_CAMERA = UserHandle.getUid(USER_PRIMARY, UID_CAMERA);
static final int UID_PRIMARY_PRIVATE = UserHandle.getUid(USER_PRIMARY, UID_PRIVATE);
static final int UID_PRIMARY_PUBLIC = UserHandle.getUid(USER_PRIMARY, UID_PUBLIC);
+ static final int UID_PRIMARY_FORCE = UserHandle.getUid(USER_PRIMARY, UID_FORCE);
static final int UID_PRIMARY_COMPLEX = UserHandle.getUid(USER_PRIMARY, UID_COMPLEX);
static final int UID_SECONDARY_SOCIAL = UserHandle.getUid(USER_SECONDARY, UID_SOCIAL);
static final int UID_SECONDARY_CAMERA = UserHandle.getUid(USER_SECONDARY, UID_CAMERA);
static final int UID_SECONDARY_PRIVATE = UserHandle.getUid(USER_SECONDARY, UID_PRIVATE);
static final int UID_SECONDARY_PUBLIC = UserHandle.getUid(USER_SECONDARY, UID_PUBLIC);
- static final int UID_SECONDARY_COMPLEX = UserHandle.getUid(USER_PRIMARY, UID_COMPLEX);
+ static final int UID_SECONDARY_FORCE = UserHandle.getUid(USER_SECONDARY, UID_FORCE);
+ static final int UID_SECONDARY_COMPLEX = UserHandle.getUid(USER_SECONDARY, UID_COMPLEX);
static final Uri URI_PHOTO_1 = Uri.parse("content://" + PKG_CAMERA + "/1");
static final Uri URI_PHOTO_2 = Uri.parse("content://" + PKG_CAMERA + "/2");
static final Uri URI_PRIVATE = Uri.parse("content://" + PKG_PRIVATE + "/42");
static final Uri URI_PUBLIC = Uri.parse("content://" + PKG_PUBLIC + "/42");
+ static final Uri URI_FORCE = Uri.parse("content://" + PKG_FORCE + "/42");
private final File mDir;
@@ -122,6 +128,8 @@ public class UriGrantsMockContext extends ContextWrapper {
.thenReturn(UserHandle.getUid(userId, UID_PRIVATE));
when(mPmInternal.getPackageUidInternal(eq(PKG_PUBLIC), anyInt(), eq(userId)))
.thenReturn(UserHandle.getUid(userId, UID_PUBLIC));
+ when(mPmInternal.getPackageUidInternal(eq(PKG_FORCE), anyInt(), eq(userId)))
+ .thenReturn(UserHandle.getUid(userId, UID_FORCE));
when(mPmInternal.getPackageUidInternal(eq(PKG_COMPLEX), anyInt(), eq(userId)))
.thenReturn(UserHandle.getUid(userId, UID_COMPLEX));
@@ -131,6 +139,8 @@ public class UriGrantsMockContext extends ContextWrapper {
.thenReturn(buildPrivateProvider(userId));
when(mPmInternal.resolveContentProvider(eq(PKG_PUBLIC), anyInt(), eq(userId)))
.thenReturn(buildPublicProvider(userId));
+ when(mPmInternal.resolveContentProvider(eq(PKG_FORCE), anyInt(), eq(userId)))
+ .thenReturn(buildForceProvider(userId));
when(mPmInternal.resolveContentProvider(eq(PKG_COMPLEX), anyInt(), eq(userId)))
.thenReturn(buildComplexProvider(userId));
}
@@ -170,6 +180,18 @@ public class UriGrantsMockContext extends ContextWrapper {
return pi;
}
+ private static ProviderInfo buildForceProvider(int userId) {
+ final ProviderInfo pi = new ProviderInfo();
+ pi.packageName = PKG_FORCE;
+ pi.authority = PKG_FORCE;
+ pi.exported = true;
+ pi.grantUriPermissions = true;
+ pi.forceUriPermissions = true;
+ pi.applicationInfo = new ApplicationInfo();
+ pi.applicationInfo.uid = UserHandle.getUid(userId, UID_FORCE);
+ return pi;
+ }
+
private static ProviderInfo buildComplexProvider(int userId) {
final ProviderInfo pi = new ProviderInfo();
pi.packageName = PKG_COMPLEX;
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-12-26 14:40:10 +0000