PawletOS/app_Settings
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Check Uri permission for FLAG_GRANT_READ/WRITE_URI_PERMISSION

Browse Source 
To improve security, calling app must be granted Uri permission
if it sets FLAG_GRANT_READ/WRITE_URI_PERMISSION in the Intent of
ACTION_SETTINGS_EMBED_DEEP_LINK_ACTIVITY.

Bug: 250589026
Test: manual
Change-Id: I48f88c662b843212b1066369badff84cf98935a8
Merged-In: I48f88c662b843212b1066369badff84cf98935a8
This commit is contained in:
Arc Wang
2022-12-14 11:08:53 +08:00
parent f964b68fee
commit 95ff075244
1 changed files with 24 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
src/com/android/settings/homepage/SettingsHomepageActivity.java
View File

@@ -460,7 +460,16 @@ public class SettingsHomepageActivity extends FragmentActivity implements
return;
}
if (!hasPrivilegedAccess(targetActivityInfo)) {
int callingUid = -1;
try {
callingUid = ActivityManager.getService().getLaunchedFromUid(getActivityToken());
} catch (RemoteException re) {
Log.e(TAG, "Not able to get callingUid: " + re);
finish();
return;
}
if (!hasPrivilegedAccess(callingUid, targetActivityInfo)) {
if (!targetActivityInfo.exported) {
Log.e(TAG, "Target Activity is not exported");
finish();
@@ -491,6 +500,19 @@ public class SettingsHomepageActivity extends FragmentActivity implements
targetIntent.setData(intent.getParcelableExtra(
SettingsHomepageActivity.EXTRA_SETTINGS_LARGE_SCREEN_DEEP_LINK_INTENT_DATA));
// Only allow FLAG_GRANT_READ/WRITE_URI_PERMISSION if calling app has the permission to
// access specified Uri.
int uriPermissionFlags = targetIntent.getFlags()
& (Intent.FLAG_GRANT_READ_URI_PERMISSION | Intent.FLAG_GRANT_WRITE_URI_PERMISSION);
if (targetIntent.getData() != null
&& uriPermissionFlags != 0
&& checkUriPermission(targetIntent.getData(), /* pid= */ -1, callingUid,
uriPermissionFlags) == PackageManager.PERMISSION_DENIED) {
Log.e(TAG, "Calling app must have the permission to access Uri and grant permission");
finish();
return;
}
// Set 2-pane pair rule for the deep link page.
ActivityEmbeddingRulesController.registerTwoPanePairRule(this,
new ComponentName(getApplicationContext(), getClass()),
@@ -516,20 +538,12 @@ public class SettingsHomepageActivity extends FragmentActivity implements
}
// Check if calling app has privileged access to launch Activity of activityInfo.
private boolean hasPrivilegedAccess(ActivityInfo activityInfo) {
private boolean hasPrivilegedAccess(int callingUid, ActivityInfo activityInfo) {
if (TextUtils.equals(PasswordUtils.getCallingAppPackageName(getActivityToken()),
getPackageName())) {
return true;
}
int callingUid = -1;
try {
callingUid = ActivityManager.getService().getLaunchedFromUid(getActivityToken());
} catch (RemoteException re) {
Log.e(TAG, "Not able to get callingUid: " + re);
return false;
}
int targetUid = -1;
try {
targetUid = getPackageManager().getApplicationInfo(activityInfo.packageName,