From c4f4dfedf8c961b7156fd3b98a4facacfa9002ff Mon Sep 17 00:00:00 2001 From: Jeff Sharkey Date: Mon, 12 Jun 2017 17:33:07 -0600 Subject: DO NOT MERGE. KEY_INTENT shouldn't grant permissions. KEY_INTENT has no business granting any Uri permissions, so remove any grant flags that malicious apps may have tried sneaking in. Test: builds, boots Bug: 32990341, 32879915 Change-Id: I657455a770c81f045ccce6abbd2291407a1cfb42 --- .../core/java/com/android/server/accounts/AccountManagerService.java | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java index cb6cb21798a4..5a210462fb38 100644 --- a/services/core/java/com/android/server/accounts/AccountManagerService.java +++ b/services/core/java/com/android/server/accounts/AccountManagerService.java @@ -3860,6 +3860,10 @@ public class AccountManagerService protected void checkKeyIntent( int authUid, Intent intent) throws SecurityException { + intent.setFlags(intent.getFlags() & ~(Intent.FLAG_GRANT_READ_URI_PERMISSION + | Intent.FLAG_GRANT_WRITE_URI_PERMISSION + | Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION + | Intent.FLAG_GRANT_PREFIX_URI_PERMISSION)); long bid = Binder.clearCallingIdentity(); try { PackageManager pm = mContext.getPackageManager(); -- cgit v1.2.3-59-g8ed1b