Correcting a bug related to Uri permissions.

Making sure that an app cannot hold a permission for a uri on another user.
We were allowing apps to hold permissions for a different user, which should not be the case for privacy reasons (an app could just access apps on another profile)

As a consequence some of the cross profile share intents were not working because a check for the permission returned true so we did not separately grant permissions for uris. Granting permission for uris is required for accessing the content providers across users.

BUG: 15559256

Change-Id: I70765eb659151ce0c5af06075a844143c09429e8
(cherry picked from commit e55e0a1741b9258af77e23e16aa95a6d9e6a5c6f)

1 files changed, 3 insertions, 0 deletions

diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index 70327a6..bd1baac 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -6030,6 +6030,9 @@ public final class ActivityManagerService extends ActivityManagerNative
             IPackageManager pm, ProviderInfo pi, GrantUri grantUri, int uid, final int modeFlags) {
         if (DEBUG_URI_PERMISSION) Slog.v(TAG,
                 "checkHoldingPermissionsLocked: uri=" + grantUri + " uid=" + uid);
+        if (UserHandle.getUserId(uid) != grantUri.sourceUserId) {
+            return false;
+        }
 
         if (pi.applicationInfo.uid == uid) {
             return true;