author | Jeff Sharkey <jsharkey@android.com> | 2020-04-12 16:00:04 -0600 |
---|---|---|
committer | Jeff Sharkey <jsharkey@android.com> | 2020-05-28 18:29:58 -0600 |
commit | 938089f3760f063a00b7e4f53403671b83e85e75 (patch) | |
tree | 560754f819fb35309aaa63d1177a0b1eb0e928ac /services/devicepolicy | |
parent | 7912eb5ef81fd557f8fdcf9df9a07c2c79f19d59 (diff) |
Initial splitting of calculation and grants.
In upcoming changes, we'll need to shift the calculation of needed
permission grants to occur before we acquire any AM/WM locks; we'll
continue to use that calculated list when actually granting.
This change also reduces the surface area of how callers in the
system server interact with Uri permissions to reduce the risk of
accidental misuse.
This is a no-op refactoring.
Bug: 115619667
Test: atest FrameworksServicesTests:com.android.server.uri
Test: atest CtsAppSecurityHostTestCases:android.appsecurity.cts.AppSecurityTests#testPermissionDiffCert
Change-Id: Ied529156205903f9b02b4265963fdf59f7dd7f92
Diffstat (limited to 'services/devicepolicy')
-rw-r--r-- | services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index b7a9ba56c013..06a7a9e4db4a 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -297,6 +297,7 @@ import com.android.server.pm.RestrictionsSet;
 import com.android.server.pm.UserRestrictionsUtils;
 import com.android.server.pm.parsing.pkg.AndroidPackage;
 import com.android.server.storage.DeviceStorageMonitorInternal;
+import com.android.server.uri.NeededUriGrants;
 import com.android.server.uri.UriGrantsManagerInternal;
 import com.android.server.wm.ActivityTaskManagerInternal;
 
@@ -8365,10 +8366,13 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
 intent.putExtra(DeviceAdminReceiver.EXTRA_BUGREPORT_HASH, bugreportHash);
 intent.setFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION);
 
- LocalServices.getService(UriGrantsManagerInternal.class)
- .grantUriPermissionFromIntent(Process.SHELL_UID,
- mOwners.getDeviceOwnerComponent().getPackageName(),
- intent, mOwners.getDeviceOwnerUserId());
+ final UriGrantsManagerInternal ugm = LocalServices
+ .getService(UriGrantsManagerInternal.class);
+ final NeededUriGrants needed = ugm.checkGrantUriPermissionFromIntent(intent,
+ Process.SHELL_UID, mOwners.getDeviceOwnerComponent().getPackageName(),
+ mOwners.getDeviceOwnerUserId());
+ ugm.grantUriPermissionUncheckedFromIntent(needed, null);
+
 mContext.sendBroadcastAsUser(intent, UserHandle.of(mOwners.getDeviceOwnerUserId()));
 }
 } catch (FileNotFoundException e) {  |
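Review bot: In the second hunk, `ugm.grantUriPermissionUncheckedFromIntent(needed, null)` passes a bare `null` and feeds `needed` into an explicitly unchecked grant, with nothing at the call site explaining either. If the second parameter is the permission owner (its declaration is not visible here), a null owner presumably leaves the read grant on the bugreport Uri tied to no lifecycle, so it stays until something else revokes it. I would name the argument inline, e.g. `ugm.grantUriPermissionUncheckedFromIntent(needed, /* owner */ null);`, and add a comment above the pair such as `// needed must come from the check call directly above; never pass a NeededUriGrants built elsewhere to the unchecked grant.` It is also worth confirming that the unchecked call tolerates a null `needed` if the check can return one when no grant is required, or guarding with `if (needed != null)`. The enclosing method starts and ends outside the hunk.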