Check Uri permission for FLAG_GRANT_READ/WRITE_URI_PERMISSION

To improve security, calling app must be granted Uri permission
if it sets FLAG_GRANT_READ/WRITE_URI_PERMISSION in the Intent of
ACTION_SETTINGS_EMBED_DEEP_LINK_ACTIVITY.

Bug: 250589026
Test: manual
Change-Id: I48f88c662b843212b1066369badff84cf98935a8
Merged-In: I48f88c662b843212b1066369badff84cf98935a8
diff --git a/src/com/android/settings/homepage/SettingsHomepageActivity.java b/src/com/android/settings/homepage/SettingsHomepageActivity.java
index 073ce6a..0311ea3 100644
--- a/src/com/android/settings/homepage/SettingsHomepageActivity.java
+++ b/src/com/android/settings/homepage/SettingsHomepageActivity.java
@@ -369,7 +369,16 @@
             return;
         }
 
-        if (!hasPrivilegedAccess(targetActivityInfo)) {
+        int callingUid = -1;
+        try {
+            callingUid = ActivityManager.getService().getLaunchedFromUid(getActivityToken());
+        } catch (RemoteException re) {
+            Log.e(TAG, "Not able to get callingUid: " + re);
+            finish();
+            return;
+        }
+
+        if (!hasPrivilegedAccess(callingUid, targetActivityInfo)) {
             if (!targetActivityInfo.exported) {
                 Log.e(TAG, "Target Activity is not exported");
                 finish();
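Review bot: Only a RemoteException stops the launch here, so a `callingUid` that comes back invalid without an exception would still flow into `hasPrivilegedAccess` and the Uri permission check added later in this commit. If `getLaunchedFromUid` can return a negative uid for an unresolved token (it appears to, but confirm against the service implementation), add `if (callingUid < 0) { finish(); return; }` after the try block. The `= -1` initialiser then becomes unnecessary, and `Log.e(TAG, "Not able to get callingUid", re)` would keep the stack trace instead of concatenating the exception into the message. The enclosing method starts and ends outside this hunk.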
@@ -400,6 +409,19 @@
         targetIntent.setData(intent.getParcelableExtra(
                 SettingsHomepageActivity.EXTRA_SETTINGS_LARGE_SCREEN_DEEP_LINK_INTENT_DATA));
 
+        // Only allow FLAG_GRANT_READ/WRITE_URI_PERMISSION if calling app has the permission to
+        // access specified Uri.
+        int uriPermissionFlags = targetIntent.getFlags()
+                & (Intent.FLAG_GRANT_READ_URI_PERMISSION | Intent.FLAG_GRANT_WRITE_URI_PERMISSION);
+        if (targetIntent.getData() != null
+                && uriPermissionFlags != 0
+                && checkUriPermission(targetIntent.getData(), /* pid= */ -1, callingUid,
+                        uriPermissionFlags) == PackageManager.PERMISSION_DENIED) {
+            Log.e(TAG, "Calling app must have the permission to access Uri and grant permission");
+            finish();
+            return;
+        }
+
         // Set 2-pane pair rule for the deep link page.
         ActivityEmbeddingRulesController.registerTwoPanePairRule(this,
                 new ComponentName(getApplicationContext(), getClass()),
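Review bot: The new guard rejects only when `checkUriPermission` returns exactly `PERMISSION_DENIED`; comparing with `!= PackageManager.PERMISSION_GRANTED` makes the check fail closed for any other result. The mask also covers only the READ and WRITE bits, so if the caller-supplied intent can carry `FLAG_GRANT_PREFIX_URI_PERMISSION` or `FLAG_GRANT_PERSISTABLE_URI_PERMISSION`, the eventual grant may be broader than what was verified for the exact Uri; it is worth confirming whether those bits should be cleared from `targetIntent`. Only `getData()` is checked, which is sufficient only if `targetIntent` cannot hold ClipData at this point (not visible in the hunk). The enclosing method starts and ends outside this hunk.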
@@ -419,20 +441,12 @@
     }
 
     // Check if calling app has privileged access to launch Activity of activityInfo.
-    private boolean hasPrivilegedAccess(ActivityInfo activityInfo) {
+    private boolean hasPrivilegedAccess(int callingUid, ActivityInfo activityInfo) {
         if (TextUtils.equals(PasswordUtils.getCallingAppPackageName(getActivityToken()),
                     getPackageName())) {
             return true;
         }
 
-        int callingUid = -1;
-        try {
-            callingUid = ActivityManager.getService().getLaunchedFromUid(getActivityToken());
-        } catch (RemoteException re) {
-            Log.e(TAG, "Not able to get callingUid: " + re);
-            return false;
-        }
-
         int targetUid = -1;
         try {
             targetUid = getPackageManager().getApplicationInfo(activityInfo.packageName,
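Review bot: The comment above `hasPrivilegedAccess` does not say where the new `callingUid` parameter must come from, and a caller passing a uid from another source would weaken the check without any visible sign. Suggest extending it to `// callingUid must be the uid returned by getLaunchedFromUid(getActivityToken()) for this activity.` The first branch still identifies the caller by package name through `PasswordUtils.getCallingAppPackageName(getActivityToken())` rather than by the uid passed in, so the method now depends on two separate caller lookups; a one-line comment saying why both are used would help the next reader. The method body continues outside this hunk.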