Fix issue #14617210: Apps can gain access to any ContentProvider...
...with grantUriPermissions (no user interaction required)
Add a new path in to the activity manager to start an activity as
if it was directy started by the original calling activity. This
is specifically for the resolver activity and chooser activity to
be able to safely launch its data after serving as an intermediary.
Access to the new method is highly restricted -- it can only be
called by an activity that is declared in the framework apk itself,
and the execute-as-the-caller behavior will only happen if the
code is running under the system uid. (This means we could still
have these run in the client's process in some cases and still work
correctly.)
Note there is some commented out code here half-done about trying
to propagate security exceptions back to the original calling
activity. This would be really nice, especially now with the
chooser activity running in a system process so any errors made
by the app (bad permission grants, bad intents, etc) no longer
actually appear in the app so are essentially invisible. I'd
really like to figure out a way to propagate these exceptions back
to the app, but this is hard since the app's process may no
longer even be running at this point.
Also tweak activity manager dump output to split the recents
dump out from activities, since recents can now be super large.
Change-Id: I50410c4783faf9302c69290589a068a846e0973a
7 files changed