Surface outgoing Uri permission grants.
This enables apps to discover and clean up persisted Uri grants when
the underlying Uri becomes invalid, such as when an account is
removed.
Bug: 11142566
Change-Id: Ieeb36cb1155acf226327ebe91cdd30b822d69d1b
diff --git a/api/current.txt b/api/current.txt
index 9251d39..a7155c7 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -5759,6 +5759,7 @@
method public static java.util.List<android.content.SyncInfo> getCurrentSyncs();
method public static int getIsSyncable(android.accounts.Account, java.lang.String);
method public static boolean getMasterSyncAutomatically();
+ method public java.util.List<android.content.UriPermission> getOutgoingPersistedUriPermissions();
method public static java.util.List<android.content.PeriodicSync> getPeriodicSyncs(android.accounts.Account, java.lang.String);
method public java.util.List<android.content.UriPermission> getPersistedUriPermissions();
method public java.lang.String[] getStreamTypes(android.net.Uri, java.lang.String);
diff --git a/core/java/android/app/ActivityManagerNative.java b/core/java/android/app/ActivityManagerNative.java
index 961ee57..74266cc 100644
--- a/core/java/android/app/ActivityManagerNative.java
+++ b/core/java/android/app/ActivityManagerNative.java
@@ -1160,7 +1160,10 @@
case GET_PERSISTED_URI_PERMISSIONS_TRANSACTION: {
data.enforceInterface(IActivityManager.descriptor);
- final ParceledListSlice<UriPermission> perms = getPersistedUriPermissions();
+ final String packageName = data.readString();
+ final boolean incoming = data.readInt() != 0;
+ final ParceledListSlice<UriPermission> perms = getPersistedUriPermissions(
+ packageName, incoming);
reply.writeNoException();
perms.writeToParcel(reply, Parcelable.PARCELABLE_WRITE_RETURN_VALUE);
return true;
@@ -3500,10 +3503,13 @@
}
@Override
- public ParceledListSlice<UriPermission> getPersistedUriPermissions() throws RemoteException {
+ public ParceledListSlice<UriPermission> getPersistedUriPermissions(
+ String packageName, boolean incoming) throws RemoteException {
Parcel data = Parcel.obtain();
Parcel reply = Parcel.obtain();
data.writeInterfaceToken(IActivityManager.descriptor);
+ data.writeString(packageName);
+ data.writeInt(incoming ? 1 : 0);
mRemote.transact(GET_PERSISTED_URI_PERMISSIONS_TRANSACTION, data, reply, 0);
reply.readException();
final ParceledListSlice<UriPermission> perms = ParceledListSlice.CREATOR.createFromParcel(
diff --git a/core/java/android/app/IActivityManager.java b/core/java/android/app/IActivityManager.java
index dfea736..77c2ea0 100644
--- a/core/java/android/app/IActivityManager.java
+++ b/core/java/android/app/IActivityManager.java
@@ -215,7 +215,8 @@
int mode) throws RemoteException;
public void takePersistableUriPermission(Uri uri, int modeFlags) throws RemoteException;
public void releasePersistableUriPermission(Uri uri, int modeFlags) throws RemoteException;
- public ParceledListSlice<UriPermission> getPersistedUriPermissions() throws RemoteException;
+ public ParceledListSlice<UriPermission> getPersistedUriPermissions(
+ String packageName, boolean incoming) throws RemoteException;
public void showWaitingForDebugger(IApplicationThread who, boolean waiting)
throws RemoteException;
diff --git a/core/java/android/content/ContentResolver.java b/core/java/android/content/ContentResolver.java
index 916a6cd..49dfdb5 100644
--- a/core/java/android/content/ContentResolver.java
+++ b/core/java/android/content/ContentResolver.java
@@ -1659,8 +1659,9 @@
}
/**
- * Return list of all Uri permission grants that have been persisted for the
- * calling app. Only persistable grants taken with
+ * Return list of all Uri permission grants that have been persisted by the
+ * calling app. That is, the returned permissions have been granted
+ * <em>to</em> the calling app. Only persistable grants taken with
* {@link #takePersistableUriPermission(Uri, int)} are returned.
*
* @see #takePersistableUriPermission(Uri, int)
@@ -1668,7 +1669,23 @@
*/
public List<UriPermission> getPersistedUriPermissions() {
try {
- return ActivityManagerNative.getDefault().getPersistedUriPermissions().getList();
+ return ActivityManagerNative.getDefault()
+ .getPersistedUriPermissions(mPackageName, true).getList();
+ } catch (RemoteException e) {
+ throw new RuntimeException("Activity manager has died", e);
+ }
+ }
+
+ /**
+ * Return list of all persisted Uri permission grants that are hosted by the
+ * calling app. That is, the returned permissions have been granted
+ * <em>from</em> the calling app. Only grants taken with
+ * {@link #takePersistableUriPermission(Uri, int)} are returned.
+ */
+ public List<UriPermission> getOutgoingPersistedUriPermissions() {
+ try {
+ return ActivityManagerNative.getDefault()
+ .getPersistedUriPermissions(mPackageName, false).getList();
} catch (RemoteException e) {
throw new RuntimeException("Activity manager has died", e);
}
diff --git a/services/java/com/android/server/am/ActivityManagerService.java b/services/java/com/android/server/am/ActivityManagerService.java
index 1987d04..971f07d 100644
--- a/services/java/com/android/server/am/ActivityManagerService.java
+++ b/services/java/com/android/server/am/ActivityManagerService.java
@@ -6489,26 +6489,53 @@
}
@Override
- public ParceledListSlice<android.content.UriPermission> getPersistedUriPermissions() {
+ public ParceledListSlice<android.content.UriPermission> getPersistedUriPermissions(
+ String packageName, boolean incoming) {
enforceNotIsolatedCaller("getPersistedUriPermissions");
+ Preconditions.checkNotNull(packageName, "packageName");
+ final int callingUid = Binder.getCallingUid();
+ final IPackageManager pm = AppGlobals.getPackageManager();
+ try {
+ final int packageUid = pm.getPackageUid(packageName, UserHandle.getUserId(callingUid));
+ if (packageUid != callingUid) {
+ throw new SecurityException(
+ "Package " + packageName + " does not belong to calling UID " + callingUid);
+ }
+ } catch (RemoteException e) {
+ throw new SecurityException("Failed to verify package name ownership");
+ }
+
+ final ArrayList<android.content.UriPermission> result = Lists.newArrayList();
synchronized (this) {
- final int callingUid = Binder.getCallingUid();
- final ArrayList<android.content.UriPermission> result = Lists.newArrayList();
- final ArrayMap<Uri, UriPermission> perms = mGrantedUriPermissions.get(callingUid);
- if (perms == null) {
- Slog.w(TAG, "No permission grants found for UID " + callingUid);
+ if (incoming) {
+ final ArrayMap<Uri, UriPermission> perms = mGrantedUriPermissions.get(callingUid);
+ if (perms == null) {
+ Slog.w(TAG, "No permission grants found for " + packageName);
+ } else {
+ final int size = perms.size();
+ for (int i = 0; i < size; i++) {
+ final UriPermission perm = perms.valueAt(i);
+ if (packageName.equals(perm.targetPkg) && perm.persistedModeFlags != 0) {
+ result.add(perm.buildPersistedPublicApiObject());
+ }
+ }
+ }
} else {
- final int size = perms.size();
+ final int size = mGrantedUriPermissions.size();
for (int i = 0; i < size; i++) {
- final UriPermission perm = perms.valueAt(i);
- if (perm.persistedModeFlags != 0) {
- result.add(perm.buildPersistedPublicApiObject());
+ final ArrayMap<Uri, UriPermission> perms = mGrantedUriPermissions.valueAt(i);
+ final int permsSize = perms.size();
+ for (int j = 0; j < permsSize; j++) {
+ final UriPermission perm = perms.valueAt(j);
+ if (packageName.equals(perm.sourcePkg) && perm.persistedModeFlags != 0) {
+ result.add(perm.buildPersistedPublicApiObject());
+ }
}
}
}
- return new ParceledListSlice<android.content.UriPermission>(result);
}
+ return new ParceledListSlice<android.content.UriPermission>(result);
}
@Override
diff --git a/services/java/com/android/server/am/UriPermission.java b/services/java/com/android/server/am/UriPermission.java
index 5868c08..684f247 100644
--- a/services/java/com/android/server/am/UriPermission.java
+++ b/services/java/com/android/server/am/UriPermission.java
@@ -20,7 +20,6 @@
import android.net.Uri;
import android.os.UserHandle;
import android.util.Log;
-import android.util.Slog;
import com.android.internal.util.Preconditions;
import com.google.android.collect.Sets;