DO NOT MERGE. Persistable Uri grants still require permissions.
When FLAG_GRANT_PERSISTABLE_URI_PERMISSION is requested, we still
need to check permissions between the source and target packages,
instead of shortcutting past them.
The spirit of the original change is remains intact: if the caller
requested FLAG_GRANT_PERSISTABLE_URI_PERMISSION, then we avoid
returning "-1", which would prevent the grant data structure from
being allocated.
Bug: 111934948
Test: atest android.appsecurity.cts.AppSecurityTests
Change-Id: Ief0fc922aa09fc3d9bb6a126c2ff5855347cd030
Merged-In: Ief0fc922aa09fc3d9bb6a126c2ff5855347cd030
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index b1b15cd..c4a968e 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -8666,10 +8666,17 @@
}
}
- // If we're extending a persistable grant, then we always need to create
- // the grant data structure so that take/release APIs work
+ // Figure out the value returned when access is allowed
+ final int allowedResult;
if ((modeFlags & Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION) != 0) {
- return targetUid;
+ // If we're extending a persistable grant, then we need to return
+ // "targetUid" so that we always create a grant data structure to
+ // support take/release APIs
+ allowedResult = targetUid;
+ } else {
+ // Otherwise, we can return "-1" to indicate that no grant data
+ // structures need to be created
+ allowedResult = -1;
}
if (targetUid >= 0) {
@@ -8678,7 +8685,7 @@
// No need to grant the target this permission.
if (DEBUG_URI_PERMISSION) Slog.v(TAG_URI_PERMISSION,
"Target " + targetPkg + " already has full permission to " + grantUri);
- return -1;
+ return allowedResult;
}
} else {
// First... there is no target package, so can anyone access it?
@@ -8694,7 +8701,7 @@
}
}
if (allowed) {
- return -1;
+ return allowedResult;
}
}