diff options
| author | Dianne Hackborn <hackbod@google.com> | 2012-09-07 15:35:17 -0700 |
|---|---|---|
| committer | Dianne Hackborn <hackbod@google.com> | 2012-09-07 15:50:26 -0700 |
| commit | 11941fd651be468c8ab6c90256616418ecf3a6a8 (patch) | |
| tree | f1d75b86b609bab14703dee3545034bf4f29021e /services | |
| parent | 649d0d71b245d88746b78399ffa1f75da7c80974 (diff) | |
| download | frameworks_base-11941fd651be468c8ab6c90256616418ecf3a6a8.zip frameworks_base-11941fd651be468c8ab6c90256616418ecf3a6a8.tar.gz frameworks_base-11941fd651be468c8ab6c90256616418ecf3a6a8.tar.bz2 | |
Fix crash when setting wallpaper from non-primary user.
When accessing a content provider, there is a check for whether
the provider can run in the caller's process; if so, even if the
provider is currently published, we return to the caller that it
can run locally.
This check was broken -- it had an old condition that allowed
content providers owned by the system UID to run in any other UID's
process. This is wrong, since by definition the other
UIDs would not be able to access the data under the original UID.
We ran into this because the activity picker is part of the
android platform manifest, so runs as the system process. However
it needs to run as the user who invoked it, so when coming from the
non-primary user we spin up a "system" process running as a uid of
that user. Now when that process tries to access the settings
provider, the broken check would think that a new instance of the
settings provider should be created in the caller's process.
Change-Id: I7bf495ed8370cb271bdaec073d5b7dda9e38c546
Diffstat (limited to 'services')
| -rw-r--r-- | services/java/com/android/server/am/ContentProviderRecord.java | 2 | ||||
| -rw-r--r-- | services/java/com/android/server/pm/Settings.java | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/services/java/com/android/server/am/ContentProviderRecord.java b/services/java/com/android/server/am/ContentProviderRecord.java index c80d63a..de306b5 100644 --- a/services/java/com/android/server/am/ContentProviderRecord.java +++ b/services/java/com/android/server/am/ContentProviderRecord.java @@ -85,7 +85,7 @@ class ContentProviderRecord { public boolean canRunHere(ProcessRecord app) { return (info.multiprocess || info.processName.equals(app.processName)) - && (uid == Process.SYSTEM_UID || uid == app.info.uid); + && uid == app.info.uid; } public void addExternalProcessHandleLocked(IBinder token) { diff --git a/services/java/com/android/server/pm/Settings.java b/services/java/com/android/server/pm/Settings.java index d058a82..b85353c 100644 --- a/services/java/com/android/server/pm/Settings.java +++ b/services/java/com/android/server/pm/Settings.java @@ -1259,7 +1259,7 @@ final class Settings { final ArrayList<PackageCleanItem> pkgs = mPackagesToBeCleaned.valueAt(i); for (int j=0; j<pkgs.size(); j++) { serializer.startTag(null, "cleaning-package"); - PackageCleanItem item = pkgs.get(i); + PackageCleanItem item = pkgs.get(j); serializer.attribute(null, ATTR_NAME, item.packageName); serializer.attribute(null, ATTR_CODE, item.andCode ? "true" : "false"); serializer.attribute(null, ATTR_USER, userStr); |