Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_base / 12fd5027fb42f6a92663e9c3d1a89430f390d3fa^1..12fd5027fb42f6a92663e9c3d1a89430f390d3fa / .
commit12fd5027fb42f6a92663e9c3d1a89430f390d3fa[log] [tgz]
authorTreehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com>Wed Sep 06 03:15:50 2023 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>Wed Sep 06 03:15:50 2023 +0000
tree11b6fb52cef3d034c731e427a2e9e6afcce3019e
parentee3b862f64e7cfb11730a66d8d46eb125940c141 [diff]
parent3b18ce1510e0762cc56467ec7d4990ab45cc9bfc [diff]
Merge "Validate URI-based shortcut icon at creation time." into rvc-dev am: bdcf6b3c0f am: bf3e2fd99a am: 37fbb483b2 am: ac61b7d030 am: f9a2bcf245 am: 6824374b6b am: 88d743c868 am: 3b18ce1510

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/24046929

Change-Id: Ic87fa8f5129fff7e45a1226d573d34fd6eb24f36
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

diff --git a/services/core/java/com/android/server/pm/ShortcutService.java b/services/core/java/com/android/server/pm/ShortcutService.java
index 710e0b7..dd434fbe 100644
--- a/services/core/java/com/android/server/pm/ShortcutService.java
+++ b/services/core/java/com/android/server/pm/ShortcutService.java

@@ -37,6 +37,7 @@
 import android.appwidget.AppWidgetProviderInfo;
 import android.content.BroadcastReceiver;
 import android.content.ComponentName;
+import android.content.ContentProvider;
 import android.content.Context;
 import android.content.Intent;
 import android.content.IntentFilter;
@@ -1927,11 +1928,32 @@
         }
         if (shortcut.getIcon() != null) {
             ShortcutInfo.validateIcon(shortcut.getIcon());
+            validateIconURI(shortcut);
         }
 
         shortcut.replaceFlags(shortcut.getFlags() & ShortcutInfo.FLAG_LONG_LIVED);
     }
 
+    // Validates the calling process has permission to access shortcut icon's image uri
+    private void validateIconURI(@NonNull final ShortcutInfo si) {
+        final int callingUid = injectBinderCallingUid();
+        final Icon icon = si.getIcon();
+        if (icon == null) {
+            // There's no icon in this shortcut, nothing to validate here.
+            return;
+        }
+        int iconType = icon.getType();
+        if (iconType != Icon.TYPE_URI && iconType != Icon.TYPE_URI_ADAPTIVE_BITMAP) {
+            // The icon is not URI-based, nothing to validate.
+            return;
+        }
+        final Uri uri = icon.getUri();
+        mUriGrantsManagerInternal.checkGrantUriPermission(callingUid, si.getPackage(),
+                ContentProvider.getUriWithoutUserId(uri),
+                Intent.FLAG_GRANT_READ_URI_PERMISSION,
+                ContentProvider.getUserIdFromUri(uri, UserHandle.getUserId(callingUid)));
+    }
+
     private void fixUpIncomingShortcutInfo(@NonNull ShortcutInfo shortcut, boolean forUpdate) {
         fixUpIncomingShortcutInfo(shortcut, forUpdate, /*forPinRequest=*/ false);
     }