am cf6d2a1d: Merge "Fix issue #2845673: android:exported="false" is not obeyed" into gingerbread

Merge commit 'cf6d2a1de274e9a4156b12be811a180eb36412ab' into gingerbread-plus-aosp * commit 'cf6d2a1de274e9a4156b12be811a180eb36412ab': Fix issue #2845673: android:exported="false" is not obeyed
author: Dianne Hackborn <hackbod@google.com> 2010-08-18 17:08:36 -0700
committer: Android Git Automerger <android-git-automerger@android.com> 2010-08-18 17:08:36 -0700
commit: d172594e3a1e25f1f2c190e99421cb7d4963389b (patch)
tree: ba816633ea1222724ac5134140302b2aad16bb5c /services/java
parent: 43647129d676e8c802850ca493f2ebc6064a4a1a (diff)
parent: cf6d2a1de274e9a4156b12be811a180eb36412ab (diff)
download: frameworks_base-d172594e3a1e25f1f2c190e99421cb7d4963389b.zip
frameworks_base-d172594e3a1e25f1f2c190e99421cb7d4963389b.tar.gz
frameworks_base-d172594e3a1e25f1f2c190e99421cb7d4963389b.tar.bz2
1 files changed, 30 insertions, 17 deletions
diff --git a/services/java/com/android/server/am/ActivityManagerService.java b/services/java/com/android/server/am/ActivityManagerService.java
index cd5dea4..a3ba4ed 100644
--- a/services/java/com/android/server/am/ActivityManagerService.java
+++ b/services/java/com/android/server/am/ActivityManagerService.java
@@ -1163,7 +1163,7 @@ public final class ActivityManagerService extends ActivityManagerNative implemen
                     } catch (RemoteException e) {
                     }
                 } catch (NameNotFoundException e) {
-                    Log.w(TAG, "Unable to create context for heavy notification", e);
+                    Slog.w(TAG, "Unable to create context for heavy notification", e);
                 }
             } break;
             case CANCEL_HEAVY_NOTIFICATION_MSG: {
@@ -2368,7 +2368,7 @@ public final class ActivityManagerService extends ActivityManagerNative implemen
             }
             
             if (proc == null) {
-                Log.w(TAG, "crashApplication: nothing for uid=" + uid
+                Slog.w(TAG, "crashApplication: nothing for uid=" + uid
                         + " initialPid=" + initialPid
                         + " packageName=" + packageName);
                 return;
@@ -4054,6 +4054,9 @@ public final class ActivityManagerService extends ActivityManagerNative implemen
                     return false;
                 }
             }
+            if (!pi.exported && pi.applicationInfo.uid != uid) {
+                return false;
+            }
             return true;
         } catch (RemoteException e) {
             return false;
@@ -4202,8 +4205,8 @@ public final class ActivityManagerService extends ActivityManagerNative implemen
         if (perm == null) {
             perm = new UriPermission(targetUid, uri);
             targetUris.put(uri, perm);
-
         }
+
         perm.modeFlags |= modeFlags;
         if (activity == null) {
             perm.globalModeFlags |= modeFlags;
@@ -4224,6 +4227,11 @@ public final class ActivityManagerService extends ActivityManagerNative implemen
 
     void grantUriPermissionFromIntentLocked(int callingUid,
             String targetPkg, Intent intent, ActivityRecord activity) {
+        if (DEBUG_URI_PERMISSION) Slog.v(TAG,
+                "Grant URI perm to " + (intent != null ? intent.getData() : null)
+                + " from " + intent + "; flags=0x"
+                + Integer.toHexString(intent != null ? intent.getFlags() : 0));
+
         if (intent == null) {
             return;
         }
@@ -4902,13 +4910,12 @@ public final class ActivityManagerService extends ActivityManagerNative implemen
     }
 
     private final String checkContentProviderPermissionLocked(
-            ProviderInfo cpi, ProcessRecord r, int mode) {
+            ProviderInfo cpi, ProcessRecord r) {
         final int callingPid = (r != null) ? r.pid : Binder.getCallingPid();
         final int callingUid = (r != null) ? r.info.uid : Binder.getCallingUid();
         if (checkComponentPermission(cpi.readPermission, callingPid, callingUid,
                 cpi.exported ? -1 : cpi.applicationInfo.uid)
-                == PackageManager.PERMISSION_GRANTED
-                && mode == ParcelFileDescriptor.MODE_READ_ONLY || mode == -1) {
+                == PackageManager.PERMISSION_GRANTED) {
             return null;
         }
         if (checkComponentPermission(cpi.writePermission, callingPid, callingUid,
@@ -4925,8 +4932,7 @@ public final class ActivityManagerService extends ActivityManagerNative implemen
                 PathPermission pp = pps[i];
                 if (checkComponentPermission(pp.getReadPermission(), callingPid, callingUid,
                         cpi.exported ? -1 : cpi.applicationInfo.uid)
-                        == PackageManager.PERMISSION_GRANTED
-                        && mode == ParcelFileDescriptor.MODE_READ_ONLY || mode == -1) {
+                        == PackageManager.PERMISSION_GRANTED) {
                     return null;
                 }
                 if (checkComponentPermission(pp.getWritePermission(), callingPid, callingUid,
@@ -4937,6 +4943,15 @@ public final class ActivityManagerService extends ActivityManagerNative implemen
             }
         }
         
+        HashMap<Uri, UriPermission> perms = mGrantedUriPermissions.get(callingUid);
+        if (perms != null) {
+            for (Map.Entry<Uri, UriPermission> uri : perms.entrySet()) {
+                if (uri.getKey().getAuthority().equals(cpi.authority)) {
+                    return null;
+                }
+            }
+        }
+
         String msg = "Permission Denial: opening provider " + cpi.name
                 + " from " + (r != null ? r : "(null)") + " (pid=" + callingPid
                 + ", uid=" + callingUid + ") requires "
@@ -4966,10 +4981,9 @@ public final class ActivityManagerService extends ActivityManagerNative implemen
             cpr = mProvidersByName.get(name);
             if (cpr != null) {
                 cpi = cpr.info;
-                if (checkContentProviderPermissionLocked(cpi, r, -1) != null) {
-                    return new ContentProviderHolder(cpi,
-                            cpi.readPermission != null
-                                    ? cpi.readPermission : cpi.writePermission);
+                String msg;
+                if ((msg=checkContentProviderPermissionLocked(cpi, r)) != null) {
+                    throw new SecurityException(msg);
                 }
 
                 if (r != null && cpr.canRunHere(r)) {
@@ -5029,10 +5043,9 @@ public final class ActivityManagerService extends ActivityManagerNative implemen
                     return null;
                 }
 
-                if (checkContentProviderPermissionLocked(cpi, r, -1) != null) {
-                    return new ContentProviderHolder(cpi,
-                            cpi.readPermission != null
-                                    ? cpi.readPermission : cpi.writePermission);
+                String msg;
+                if ((msg=checkContentProviderPermissionLocked(cpi, r)) != null) {
+                    throw new SecurityException(msg);
                 }
 
                 if (!mSystemReady && !mDidUpdate && !mWaitingUpdate
@@ -6204,7 +6217,7 @@ public final class ActivityManagerService extends ActivityManagerNative implemen
                 Binder.restoreCallingIdentity(origId);
             }
             int res = result.get();
-            Log.w(TAG, "handleApplicationStrictModeViolation; res=" + res);
+            Slog.w(TAG, "handleApplicationStrictModeViolation; res=" + res);
         }
     }
author	Dianne Hackborn <hackbod@google.com>	2010-08-18 17:08:36 -0700
committer	Android Git Automerger <android-git-automerger@android.com>	2010-08-18 17:08:36 -0700
commit	d172594e3a1e25f1f2c190e99421cb7d4963389b (patch)
tree	ba816633ea1222724ac5134140302b2aad16bb5c /services/java
parent	43647129d676e8c802850ca493f2ebc6064a4a1a (diff)
parent	cf6d2a1de274e9a4156b12be811a180eb36412ab (diff)
download	frameworks_base-d172594e3a1e25f1f2c190e99421cb7d4963389b.zip frameworks_base-d172594e3a1e25f1f2c190e99421cb7d4963389b.tar.gz frameworks_base-d172594e3a1e25f1f2c190e99421cb7d4963389b.tar.bz2