commit fb833f38a0c9a27b55784f2bf3dcd7aa7d652157
author Jeff Sharkey <jsharkey@android.com> Thu Dec 01 14:59:59 2016 -0700
committer Jeff Sharkey <jsharkey@android.com> Thu Dec 01 15:01:19 2016 -0700
tree fdb3bd390480dc80652c7f151aa5948135ced14b
parent aac3cba5311622061d648e92bf385da2087ce18e

Detect content:// leaving apps without grants.

Developers regularly put content:// Uris into Intents, but they can
easily forget to add FLAG_GRANT_READ_URI_PERMISSION to actually
extend a permission grant to the receiving app.

Also fix NPE when path is missing.

Test: builds, boots, common actions work without triggering
Bug: 32447617, 31900890
Change-Id: Ic6054b1d73de50967cf7fe66abc293c60a41b97e

core/java/android/content/Intent.java

diff --git a/core/java/android/content/Intent.java b/core/java/android/content/Intent.java
index 50589fe..a5d7999 100644
--- a/core/java/android/content/Intent.java
+++ b/core/java/android/content/Intent.java
@@ -9009,7 +9009,7 @@
             mSelector.prepareToLeaveProcess(leavingPackage);
         }
         if (mClipData != null) {
-            mClipData.prepareToLeaveProcess(leavingPackage);
+            mClipData.prepareToLeaveProcess(leavingPackage, getFlags());
         }
 
         if (mAction != null && mData != null && StrictMode.vmFileUriExposureEnabled()
@@ -9036,6 +9036,17 @@
                     mData.checkFileUriExposed("Intent.getData()");
             }
         }
+
+        if (mAction != null && mData != null && StrictMode.vmContentUriWithoutPermissionEnabled()
+                && leavingPackage) {
+            switch (mAction) {
+                case ACTION_PROVIDER_CHANGED:
+                    // Ignore actions that don't need to grant
+                    break;
+                default:
+                    mData.checkContentUriWithoutPermission("Intent.getData()", getFlags());
+            }
+        }
     }
 
     /**