DO NOT MERGE. KEY_INTENT shouldn't grant permissions. KEY_INTENT has no business granting any Uri permissions, so remove any grant flags that malicious apps may have tried sneaking in. Test: builds, boots Bug: 32990341, 32879915 Change-Id: I657455a770c81f045ccce6abbd2291407a1cfb42

commit: c4f4dfedf8c961b7156fd3b98a4facacfa9002ff [log] [tgz]
author: Jeff Sharkey <jsharkey@android.com> Mon Jun 12 17:33:07 2017 -0600
committer: Jeff Sharkey <jsharkey@google.com> Tue Oct 03 21:22:06 2017 +0000
tree: bc318210ae17d4377e29dc9a151186610a57a38c
parent: 17735f183a3b7e3e1f89049865ddaa4eee6f3985 [diff]
diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java
index cb6cb21..5a21046 100644
--- a/services/core/java/com/android/server/accounts/AccountManagerService.java
+++ b/services/core/java/com/android/server/accounts/AccountManagerService.java

@@ -3860,6 +3860,10 @@
         protected void checkKeyIntent(
                 int authUid,
                 Intent intent) throws SecurityException {
+            intent.setFlags(intent.getFlags() & ~(Intent.FLAG_GRANT_READ_URI_PERMISSION
+                    | Intent.FLAG_GRANT_WRITE_URI_PERMISSION
+                    | Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION
+                    | Intent.FLAG_GRANT_PREFIX_URI_PERMISSION));
             long bid = Binder.clearCallingIdentity();
             try {
                 PackageManager pm = mContext.getPackageManager();
commit	c4f4dfedf8c961b7156fd3b98a4facacfa9002ff	[log] [tgz]
author	Jeff Sharkey <jsharkey@android.com>	Mon Jun 12 17:33:07 2017 -0600
committer	Jeff Sharkey <jsharkey@google.com>	Tue Oct 03 21:22:06 2017 +0000
tree	bc318210ae17d4377e29dc9a151186610a57a38c
parent	17735f183a3b7e3e1f89049865ddaa4eee6f3985 [diff]