summaryrefslogtreecommitdiffstats
path: root/services/core/java/com/android/server/am
diff options
context:
space:
mode:
authorWolfgang Wiedmeyer <wolfgit@wiedmeyer.de>2017-05-02 19:22:30 +0200
committerWolfgang Wiedmeyer <wolfgit@wiedmeyer.de>2017-05-02 19:22:30 +0200
commita0ce80942766948d4cd1036b97e2ee721ed8ecce (patch)
tree5d596eea5771aa9f494d2b1fcf6b3b44da2d401c /services/core/java/com/android/server/am
parenta3f7b1e4871de0b508bbefb0236d258d47a38f15 (diff)
parent0e4f9e2f03e376f0816c1e653bf97fe1d0176794 (diff)
downloadframeworks_base-replicant-6.0.zip
frameworks_base-replicant-6.0.tar.gz
frameworks_base-replicant-6.0.tar.bz2
Merge branch 'cm-13.0' of https://github.com/LineageOS/android_frameworks_base into replicant-6.0HEADreplicant-6.0-0001replicant-6.0
Diffstat (limited to 'services/core/java/com/android/server/am')
-rwxr-xr-xservices/core/java/com/android/server/am/ActivityManagerService.java50
1 files changed, 50 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index 23f34e6..3715620 100755
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -219,6 +219,7 @@ import android.os.UpdateLock;
import android.os.UserHandle;
import android.os.UserManager;
import android.provider.Settings;
+import android.provider.Downloads;
import android.telecom.TelecomManager;
import android.text.format.DateUtils;
import android.text.format.Time;
@@ -8181,6 +8182,12 @@ public final class ActivityManagerService extends ActivityManagerNative
// Only inspect grants matching package
if (packageName == null || perm.sourcePkg.equals(packageName)
|| perm.targetPkg.equals(packageName)) {
+ // Hacky solution as part of fixing a security bug; ignore
+ // grants associated with DownloadManager so we don't have
+ // to immediately launch it to regrant the permissions
+ if (Downloads.Impl.AUTHORITY.equals(perm.uri.uri.getAuthority())
+ && !persistable) continue;
+
persistChanged |= perm.revokeModes(persistable
? ~0 : ~Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION, true);
@@ -9623,6 +9630,44 @@ public final class ActivityManagerService extends ActivityManagerNative
}
/**
+ * Check if the calling UID has a possible chance at accessing the provider
+ * at the given authority and user.
+ */
+ public String checkContentProviderAccess(String authority, int userId) {
+ if (userId == UserHandle.USER_ALL) {
+ mContext.enforceCallingOrSelfPermission(
+ Manifest.permission.INTERACT_ACROSS_USERS_FULL, TAG);
+ userId = UserHandle.getCallingUserId();
+ }
+
+ ProviderInfo cpi = null;
+ try {
+ cpi = AppGlobals.getPackageManager().resolveContentProvider(authority,
+ STOCK_PM_FLAGS | PackageManager.GET_URI_PERMISSION_PATTERNS,
+ userId);
+ } catch (RemoteException ignored) {
+ }
+ if (cpi == null) {
+ // TODO: make this an outright failure in a future platform release;
+ // until then anonymous content notifications are unprotected
+ //return "Failed to find provider " + authority + " for user " + userId;
+ return null;
+ }
+
+ ProcessRecord r = null;
+ synchronized (mPidsSelfLocked) {
+ r = mPidsSelfLocked.get(Binder.getCallingPid());
+ }
+ if (r == null) {
+ return "Failed to find PID " + Binder.getCallingPid();
+ }
+
+ synchronized (this) {
+ return checkContentProviderPermissionLocked(cpi, r, userId, true);
+ }
+ }
+
+ /**
* Check if {@link ProcessRecord} has a possible chance at accessing the
* given {@link ProviderInfo}. Final permission checking is always done
* in {@link ContentProvider}.
@@ -21136,6 +21181,11 @@ public final class ActivityManagerService extends ActivityManagerNative
private final class LocalService extends ActivityManagerInternal {
@Override
+ public String checkContentProviderAccess(String authority, int userId) {
+ return ActivityManagerService.this.checkContentProviderAccess(authority, userId);
+ }
+
+ @Override
public void onWakefulnessChanged(int wakefulness) {
ActivityManagerService.this.onWakefulnessChanged(wakefulness);
}