From ff7add011a3742bc5ba609de2abd9b7bf35c71e1 Mon Sep 17 00:00:00 2001 From: Christopher Tate Date: Mon, 17 Aug 2015 10:23:22 -0700 Subject: Check component permissions like 'exported' before assigned permissions In particular, don't assume that the absence of an explicit permission requirement means that the activity is freely launchable unless you have also checked thing like exported="true" first. Bug 23223804 Change-Id: Idbfd1f5662b374a7a447b738591b267a1c497e41
---
 .../core/java/com/android/server/am/ActivityStackSupervisor.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'services')
diff --git a/services/core/java/com/android/server/am/ActivityStackSupervisor.java b/services/core/java/com/android/server/am/ActivityStackSupervisor.java
index 7c79661..6d91309 100644
--- a/services/core/java/com/android/server/am/ActivityStackSupervisor.java
+++ b/services/core/java/com/android/server/am/ActivityStackSupervisor.java
@@ -1687,16 +1687,16 @@ public final class ActivityStackSupervisor implements DisplayListener {
 private int getComponentRestrictionForCallingPackage(ActivityInfo activityInfo, String callingPackage, int callingPid, int callingUid, boolean ignoreTargetSecurity) {
- if (activityInfo.permission == null) {
- return ACTIVITY_RESTRICTION_NONE;
- }
-
 if (!ignoreTargetSecurity && mService.checkComponentPermission(activityInfo.permission, callingPid, callingUid, activityInfo.applicationInfo.uid, activityInfo.exported) == PackageManager.PERMISSION_DENIED) {
 return ACTIVITY_RESTRICTION_PERMISSION;
 }
+ if (activityInfo.permission == null) {
+ return ACTIVITY_RESTRICTION_NONE;
+ }
+
 final int opCode = AppOpsManager.permissionToOpCode(activityInfo.permission);
 if (opCode == AppOpsManager.OP_NONE) {
 return ACTIVITY_RESTRICTION_NONE;
--
cgit v1.1
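Review bot: Nothing in the reordered body of getComponentRestrictionForCallingPackage records why the `mService.checkComponentPermission(...)` call has to come before the `activityInfo.permission == null` early return, so a later cleanup could hoist the null check back to the top and again report ACTIVITY_RESTRICTION_NONE for an activity that declares no permission but is not exported. A comment above the first `if` would pin the ordering down, for example `// Must precede the null-permission shortcut: this call is also given the owner uid and the exported flag, which apply when no permission is declared.` The relocated null check now appears to serve only as a guard for `AppOpsManager.permissionToOpCode(activityInfo.permission)`, and a short comment there could say so. When `ignoreTargetSecurity` is true the `&&` skips the component check entirely, exported flag included; that is presumably intended, but it deserves a sentence in the method's documentation. The method body continues past the end of the hunk, so the app-op handling after `opCode` is not reviewed here.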