Fix singleUser provider grants

Fake the Uri for grant check, if we're checking access to
a singleUser provider. Inject the userId in the authority
so that the grant can be matched properly.

Bug: 18194892
Change-Id: I4a55ce593ac21722f394e89e13350aa205d76336

1 files changed, 4 insertions, 1 deletions

diff --git a/core/java/android/content/ContentProvider.java b/core/java/android/content/ContentProvider.java
index 2853c58..c8f9b7d 100644
--- a/core/java/android/content/ContentProvider.java
+++ b/core/java/android/content/ContentProvider.java
@@ -515,7 +515,10 @@ public abstract class ContentProvider implements ComponentCallbacks2 {
         }
 
         // last chance, check against any uri grants
-        if (context.checkUriPermission(uri, pid, uid, Intent.FLAG_GRANT_READ_URI_PERMISSION)
+        final int callingUserId = UserHandle.getUserId(uid);
+        final Uri userUri = (mSingleUser && !UserHandle.isSameUser(mMyUid, uid))
+                ? maybeAddUserId(uri, callingUserId) : uri;
+        if (context.checkUriPermission(userUri, pid, uid, Intent.FLAG_GRANT_READ_URI_PERMISSION)
                 == PERMISSION_GRANTED) {
             return;
         }