diff options
author | Dianne Hackborn <hackbod@google.com> | 2015-07-16 10:52:52 -0700 |
---|---|---|
committer | Dianne Hackborn <hackbod@google.com> | 2015-07-16 10:52:52 -0700 |
commit | a7cfbe0e548ac76f20915b65851b8bc9095aa541 (patch) | |
tree | 8317ab2db6c305fcb9e24813cf919420b6fbe032 /services | |
parent | f6586cbde7d4612963eb2e8a2413235630676b83 (diff) | |
download | frameworks_base-a7cfbe0e548ac76f20915b65851b8bc9095aa541.zip frameworks_base-a7cfbe0e548ac76f20915b65851b8bc9095aa541.tar.gz frameworks_base-a7cfbe0e548ac76f20915b65851b8bc9095aa541.tar.bz2 |
Work on issue #22516282: ChooserTarget URI grants not forwarded
Add new option to startActivityAsCaller() which allows you to
specify that we should not do security checks on the target
activity being launched.
Change-Id: Ie6b28807b96fef35ccdff93b0a01066cfd8fa307
Diffstat (limited to 'services')
3 files changed, 39 insertions, 27 deletions
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java index 1582037..3bf6fde 100644 --- a/services/core/java/com/android/server/am/ActivityManagerService.java +++ b/services/core/java/com/android/server/am/ActivityManagerService.java @@ -18,10 +18,7 @@ package com.android.server.am; import static android.Manifest.permission.INTERACT_ACROSS_USERS; import static android.Manifest.permission.INTERACT_ACROSS_USERS_FULL; -import static android.Manifest.permission.READ_EXTERNAL_STORAGE; import static android.Manifest.permission.START_TASKS_FROM_RECENTS; -import static android.Manifest.permission.WRITE_EXTERNAL_STORAGE; -import static android.Manifest.permission.WRITE_MEDIA_STORAGE; import static android.content.pm.PackageManager.PERMISSION_GRANTED; import static com.android.internal.util.XmlUtils.readBooleanAttribute; import static com.android.internal.util.XmlUtils.readIntAttribute; @@ -3516,8 +3513,8 @@ public final class ActivityManagerService extends ActivityManagerNative intent.setComponent(new ComponentName( ri.activityInfo.packageName, ri.activityInfo.name)); mStackSupervisor.startActivityLocked(null, intent, null, ri.activityInfo, - null, null, null, null, 0, 0, 0, null, 0, 0, 0, null, false, null, null, - null); + null, null, null, null, 0, 0, 0, null, 0, 0, 0, null, false, false, + null, null, null); } } } @@ -3803,13 +3800,14 @@ public final class ActivityManagerService extends ActivityManagerNative // TODO: Switch to user app stacks here. return mStackSupervisor.startActivityMayWait(caller, -1, callingPackage, intent, resolvedType, null, null, resultTo, resultWho, requestCode, startFlags, - profilerInfo, null, null, options, userId, null, null); + profilerInfo, null, null, options, false, userId, null, null); } @Override public final int startActivityAsCaller(IApplicationThread caller, String callingPackage, Intent intent, String resolvedType, IBinder resultTo, String resultWho, int requestCode, - int startFlags, ProfilerInfo profilerInfo, Bundle options, int userId) { + int startFlags, ProfilerInfo profilerInfo, Bundle options, boolean ignoreTargetSecurity, + int userId) { // This is very dangerous -- it allows you to perform a start activity (including // permission grants) as any app that may launch one of your own activities. So @@ -3843,6 +3841,16 @@ public final class ActivityManagerService extends ActivityManagerNative + sourceRecord.launchedFromUid); } } + if (ignoreTargetSecurity) { + if (intent.getComponent() == null) { + throw new SecurityException( + "Component must be specified with ignoreTargetSecurity"); + } + if (intent.getSelector() != null) { + throw new SecurityException( + "Selector not allowed with ignoreTargetSecurity"); + } + } targetUid = sourceRecord.launchedFromUid; targetPackage = sourceRecord.launchedFromPackage; } @@ -3855,7 +3863,7 @@ public final class ActivityManagerService extends ActivityManagerNative try { int ret = mStackSupervisor.startActivityMayWait(null, targetUid, targetPackage, intent, resolvedType, null, null, resultTo, resultWho, requestCode, startFlags, null, - null, null, options, userId, null, null); + null, null, options, ignoreTargetSecurity, userId, null, null); return ret; } catch (SecurityException e) { // XXX need to figure out how to propagate to original app. @@ -3884,7 +3892,7 @@ public final class ActivityManagerService extends ActivityManagerNative // TODO: Switch to user app stacks here. mStackSupervisor.startActivityMayWait(caller, -1, callingPackage, intent, resolvedType, null, null, resultTo, resultWho, requestCode, startFlags, profilerInfo, res, null, - options, userId, null, null); + options, false, userId, null, null); return res; } @@ -3898,7 +3906,7 @@ public final class ActivityManagerService extends ActivityManagerNative // TODO: Switch to user app stacks here. int ret = mStackSupervisor.startActivityMayWait(caller, -1, callingPackage, intent, resolvedType, null, null, resultTo, resultWho, requestCode, startFlags, - null, null, config, options, userId, null, null); + null, null, config, options, false, userId, null, null); return ret; } @@ -3956,7 +3964,7 @@ public final class ActivityManagerService extends ActivityManagerNative // TODO: Switch to user app stacks here. return mStackSupervisor.startActivityMayWait(null, callingUid, callingPackage, intent, resolvedType, session, interactor, null, null, 0, startFlags, profilerInfo, null, - null, options, userId, null, null); + null, options, false, userId, null, null); } @Override @@ -4067,7 +4075,7 @@ public final class ActivityManagerService extends ActivityManagerNative int res = mStackSupervisor.startActivityLocked(r.app.thread, intent, r.resolvedType, aInfo, null, null, resultTo != null ? resultTo.appToken : null, resultWho, requestCode, -1, r.launchedFromUid, r.launchedFromPackage, - -1, r.launchedFromUid, 0, options, false, null, null, null); + -1, r.launchedFromUid, 0, options, false, false, null, null, null); Binder.restoreCallingIdentity(origId); r.finishing = wasFinishing; @@ -4125,7 +4133,7 @@ public final class ActivityManagerService extends ActivityManagerNative // TODO: Switch to user app stacks here. int ret = mStackSupervisor.startActivityMayWait(null, uid, callingPackage, intent, resolvedType, null, null, resultTo, resultWho, requestCode, startFlags, - null, null, null, options, userId, container, inTask); + null, null, null, options, false, userId, container, inTask); return ret; } @@ -20529,7 +20537,7 @@ public final class ActivityManagerService extends ActivityManagerNative } return mStackSupervisor.startActivityMayWait(appThread, -1, callingPackage, intent, resolvedType, null, null, null, null, 0, 0, null, null, - null, options, callingUser, null, tr); + null, options, false, callingUser, null, tr); } @Override diff --git a/services/core/java/com/android/server/am/ActivityStack.java b/services/core/java/com/android/server/am/ActivityStack.java index 470bbb0..e57e3ff 100644 --- a/services/core/java/com/android/server/am/ActivityStack.java +++ b/services/core/java/com/android/server/am/ActivityStack.java @@ -3117,7 +3117,7 @@ final class ActivityStack { int res = mStackSupervisor.startActivityLocked(srec.app.thread, destIntent, null, aInfo, null, null, parent.appToken, null, 0, -1, parent.launchedFromUid, parent.launchedFromPackage, - -1, parent.launchedFromUid, 0, null, true, null, null, null); + -1, parent.launchedFromUid, 0, null, false, true, null, null, null); foundParentInTask = res == ActivityManager.START_SUCCESS; } catch (RemoteException e) { foundParentInTask = false; diff --git a/services/core/java/com/android/server/am/ActivityStackSupervisor.java b/services/core/java/com/android/server/am/ActivityStackSupervisor.java index c12aff6..05c58d7 100644 --- a/services/core/java/com/android/server/am/ActivityStackSupervisor.java +++ b/services/core/java/com/android/server/am/ActivityStackSupervisor.java @@ -911,7 +911,8 @@ public final class ActivityStackSupervisor implements DisplayListener { null /* voiceSession */, null /* voiceInteractor */, null /* resultTo */, null /* resultWho */, 0 /* requestCode */, 0 /* callingPid */, 0 /* callingUid */, null /* callingPackage */, 0 /* realCallingPid */, 0 /* realCallingUid */, - 0 /* startFlags */, null /* options */, false /* componentSpecified */, + 0 /* startFlags */, null /* options */, false /* ignoreTargetSecurity */, + false /* componentSpecified */, null /* outActivity */, null /* container */, null /* inTask */); if (inResumeTopActivity) { // If we are in resume section already, home activity will be initialized, but not @@ -926,7 +927,8 @@ public final class ActivityStackSupervisor implements DisplayListener { IVoiceInteractionSession voiceSession, IVoiceInteractor voiceInteractor, IBinder resultTo, String resultWho, int requestCode, int startFlags, ProfilerInfo profilerInfo, WaitResult outResult, Configuration config, - Bundle options, int userId, IActivityContainer iContainer, TaskRecord inTask) { + Bundle options, boolean ignoreTargetSecurity, int userId, + IActivityContainer iContainer, TaskRecord inTask) { // Refuse possible leaked file descriptors if (intent != null && intent.hasFileDescriptors()) { throw new IllegalArgumentException("File descriptors passed in Intent"); @@ -1043,7 +1045,7 @@ public final class ActivityStackSupervisor implements DisplayListener { int res = startActivityLocked(caller, intent, resolvedType, aInfo, voiceSession, voiceInteractor, resultTo, resultWho, requestCode, callingPid, callingUid, callingPackage, - realCallingPid, realCallingUid, startFlags, options, + realCallingPid, realCallingUid, startFlags, options, ignoreTargetSecurity, componentSpecified, null, container, inTask); Binder.restoreCallingIdentity(origId); @@ -1159,7 +1161,7 @@ public final class ActivityStackSupervisor implements DisplayListener { int res = startActivityLocked(caller, intent, resolvedTypes[i], aInfo, null, null, resultTo, null, -1, callingPid, callingUid, callingPackage, callingPid, callingUid, - 0, theseOptions, componentSpecified, outActivity, null, null); + 0, theseOptions, false, componentSpecified, outActivity, null, null); if (res < 0) { return res; } @@ -1400,8 +1402,8 @@ public final class ActivityStackSupervisor implements DisplayListener { IBinder resultTo, String resultWho, int requestCode, int callingPid, int callingUid, String callingPackage, int realCallingPid, int realCallingUid, int startFlags, Bundle options, - boolean componentSpecified, ActivityRecord[] outActivity, ActivityContainer container, - TaskRecord inTask) { + boolean ignoreTargetSecurity, boolean componentSpecified, ActivityRecord[] outActivity, + ActivityContainer container, TaskRecord inTask) { int err = ActivityManager.START_SUCCESS; ProcessRecord callerApp = null; @@ -1546,7 +1548,7 @@ public final class ActivityStackSupervisor implements DisplayListener { if (startAnyPerm != PERMISSION_GRANTED) { final int componentRestriction = getComponentRestrictionForCallingPackage( - aInfo, callingPackage, callingPid, callingUid); + aInfo, callingPackage, callingPid, callingUid, ignoreTargetSecurity); final int actionRestriction = getActionRestrictionForCallingPackage( intent.getAction(), callingPackage, callingPid, callingUid); @@ -1675,13 +1677,13 @@ public final class ActivityStackSupervisor implements DisplayListener { } private int getComponentRestrictionForCallingPackage(ActivityInfo activityInfo, - String callingPackage, int callingPid, int callingUid) { + String callingPackage, int callingPid, int callingUid, boolean ignoreTargetSecurity) { if (activityInfo.permission == null) { return ACTIVITY_RESTRICTION_NONE; } - if (mService.checkComponentPermission(activityInfo.permission, callingPid, callingUid, - activityInfo.applicationInfo.uid, activityInfo.exported) + if (!ignoreTargetSecurity && mService.checkComponentPermission(activityInfo.permission, + callingPid, callingUid, activityInfo.applicationInfo.uid, activityInfo.exported) == PackageManager.PERMISSION_DENIED) { return ACTIVITY_RESTRICTION_PERMISSION; } @@ -1693,7 +1695,9 @@ public final class ActivityStackSupervisor implements DisplayListener { if (mService.mAppOpsService.noteOperation(opCode, callingUid, callingPackage) != AppOpsManager.MODE_ALLOWED) { - return ACTIVITY_RESTRICTION_APPOP; + if (!ignoreTargetSecurity) { + return ACTIVITY_RESTRICTION_APPOP; + } } return ACTIVITY_RESTRICTION_NONE; @@ -4296,7 +4300,7 @@ public final class ActivityStackSupervisor implements DisplayListener { intent.addFlags(FORCE_NEW_TASK_FLAGS); return startActivityMayWait(null, -1, null, intent, mimeType, null, null, null, null, - 0, 0, null, null, null, null, userId, this, null); + 0, 0, null, null, null, null, false, userId, this, null); } @Override |