From a20eb2a4c624131c531508a6002adaf8b7e936db Mon Sep 17 00:00:00 2001
From: Jeff Sharkey
Date: Mon, 12 Jun 2017 17:33:07 -0600
Subject: DO NOT MERGE. KEY_INTENT shouldn't grant permissions. KEY_INTENT has no business granting any Uri permissions, so remove any grant flags that malicious apps may have tried sneaking in.
Test: builds, boots
Bug: 32990341, 32879915
Change-Id: I657455a770c81f045ccce6abbd2291407a1cfb42
---
 .../core/java/com/android/server/accounts/AccountManagerService.java | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java
index a7a79cd5b3eb..a085b716bd8d 100644
--- a/services/core/java/com/android/server/accounts/AccountManagerService.java
+++ b/services/core/java/com/android/server/accounts/AccountManagerService.java
@@ -4184,6 +4184,10 @@ public class AccountManagerService
 protected void checkKeyIntent(
 int authUid,
 Intent intent) throws SecurityException {
+ intent.setFlags(intent.getFlags() & ~(Intent.FLAG_GRANT_READ_URI_PERMISSION
+ | Intent.FLAG_GRANT_WRITE_URI_PERMISSION
+ | Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION
+ | Intent.FLAG_GRANT_PREFIX_URI_PERMISSION));
 long bid = Binder.clearCallingIdentity();
 try {
 PackageManager pm = mContext.getPackageManager();
-- cgit v1.2.3-59-g8ed1b
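Review bot: The added `setFlags` call at the top of `checkKeyIntent` mutates the caller's Intent inside a method whose name and `throws SecurityException` signature read as pure validation, and nothing in the hunk documents that side effect. A short comment above it would help, for example `// KEY_INTENT must never carry URI grants: strip the grant flags in place before the target is validated.` The stripping is also silent, so an authenticator that did set grant flags leaves no trace; logging a warning that names `authUid` whenever any of the four grant bits was set before the mask is applied would make such attempts visible to whoever triages the device logs. The protection presumably holds only if the Intent instance sanitized here is the same one that is later delivered, which should be confirmed against the callers, since the method body and its call sites continue outside the hunk.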