Check Uri permission for FLAG_GRANT_READ/WRITE_URI_PERMISSION am: 0f7f913281

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/20727211

Change-Id: I3d26e8d54ebf5ad307f58fb6119c89df33798356
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

src/com/android/settings/homepage/SettingsHomepageActivity.java

@@ -448,7 +448,16 @@ public class SettingsHomepageActivity extends FragmentActivity implements
             return;
         }
 
-        if (!hasPrivilegedAccess(targetActivityInfo)) {
+        int callingUid = -1;
+        try {
+            callingUid = ActivityManager.getService().getLaunchedFromUid(getActivityToken());
+        } catch (RemoteException re) {
+            Log.e(TAG, "Not able to get callingUid: " + re);
+            finish();
+            return;
+        }
+
+        if (!hasPrivilegedAccess(callingUid, targetActivityInfo)) {
             if (!targetActivityInfo.exported) {
                 Log.e(TAG, "Target Activity is not exported");
                 finish();
@@ -479,6 +488,19 @@ public class SettingsHomepageActivity extends FragmentActivity implements
         targetIntent.setData(intent.getParcelableExtra(
                 SettingsHomepageActivity.EXTRA_SETTINGS_LARGE_SCREEN_DEEP_LINK_INTENT_DATA));
 
+        // Only allow FLAG_GRANT_READ/WRITE_URI_PERMISSION if calling app has the permission to
+        // access specified Uri.
+        int uriPermissionFlags = targetIntent.getFlags()
+                & (Intent.FLAG_GRANT_READ_URI_PERMISSION | Intent.FLAG_GRANT_WRITE_URI_PERMISSION);
+        if (targetIntent.getData() != null
+                && uriPermissionFlags != 0
+                && checkUriPermission(targetIntent.getData(), /* pid= */ -1, callingUid,
+                        uriPermissionFlags) == PackageManager.PERMISSION_DENIED) {
+            Log.e(TAG, "Calling app must have the permission to access Uri and grant permission");
+            finish();
+            return;
+        }
+
         // Set 2-pane pair rule for the deep link page.
         ActivityEmbeddingRulesController.registerTwoPanePairRule(this,
                 new ComponentName(getApplicationContext(), getClass()),
@@ -504,20 +526,12 @@ public class SettingsHomepageActivity extends FragmentActivity implements
     }
 
     // Check if calling app has privileged access to launch Activity of activityInfo.
-    private boolean hasPrivilegedAccess(ActivityInfo activityInfo) {
+    private boolean hasPrivilegedAccess(int callingUid, ActivityInfo activityInfo) {
         if (TextUtils.equals(PasswordUtils.getCallingAppPackageName(getActivityToken()),
                     getPackageName())) {
             return true;
         }
 
-        int callingUid = -1;
-        try {
-            callingUid = ActivityManager.getService().getLaunchedFromUid(getActivityToken());
-        } catch (RemoteException re) {
-            Log.e(TAG, "Not able to get callingUid: " + re);
-            return false;
-        }
-
         int targetUid = -1;
         try {
             targetUid = getPackageManager().getApplicationInfo(activityInfo.packageName,