Merge "Grant visibility even when not granting URI perm" into rvc-dev

2020-07-23 05:20:12 +00:00
parent 40b9f0967e 9406f1dea8
commit 32ff9bfad4
2 changed files with 28 additions and 0 deletions
--- a/services/core/java/com/android/server/uri/UriGrantsManagerService.java
+++ b/services/core/java/com/android/server/uri/UriGrantsManagerService.java
@@ -51,6 +51,7 @@ import android.app.AppGlobals;
 import android.app.GrantedUriPermission;
 import android.app.IUriGrantsManager;
 import android.content.ClipData;
+import android.content.ComponentName;
 import android.content.ContentProvider;
 import android.content.ContentResolver;
 import android.content.Context;
@@ -698,6 +699,11 @@ public class UriGrantsManagerService extends IUriGrantsManager.Stub {
                                final UriPermission perm = findOrCreateUriPermissionLocked(
                                        sourcePkg, targetPkg, targetUid, grantUri);
                                perm.initPersistedModes(modeFlags, createdTime);
+                                mPmInternal.grantImplicitAccess(
+                                        targetUserId, null,
+                                        UserHandle.getAppId(targetUid),
+                                        pi.applicationInfo.uid,
+                                        false /* direct */);
                            }
                        } else {
                            Slog.w(TAG, "Persisted grant for " + uri + " had source " + sourcePkg
@@ -1171,6 +1177,9 @@ public class UriGrantsManagerService extends IUriGrantsManager.Stub {
            // grant, we can skip generating any bookkeeping; when any advanced
            // features have been requested, we proceed below to make sure the
            // provider supports granting permissions
+            mPmInternal.grantImplicitAccess(
+                    UserHandle.getUserId(targetUid), null,
+                    UserHandle.getAppId(targetUid), pi.applicationInfo.uid, false);
            return -1;
        }

--- a/services/tests/servicestests/src/com/android/server/uri/UriGrantsManagerServiceTest.java
+++ b/services/tests/servicestests/src/com/android/server/uri/UriGrantsManagerServiceTest.java
@@ -43,11 +43,19 @@ import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyBoolean;
+import static org.mockito.ArgumentMatchers.anyInt;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.ArgumentMatchers.isNull;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.verify;

 import android.content.ClipData;
 import android.content.Intent;
 import android.content.pm.ProviderInfo;
 import android.net.Uri;
+import android.os.UserHandle;
 import android.util.ArraySet;

 import androidx.test.InstrumentationRegistry;
@@ -62,6 +70,12 @@ public class UriGrantsManagerServiceTest {
    private UriGrantsMockContext mContext;
    private UriGrantsManagerInternal mService;

+    // we expect the following only during grant if a grant is expected
+    private void verifyNoVisibilityGrant() {
+        verify(mContext.mPmInternal, never())
+                .grantImplicitAccess(anyInt(), any(), anyInt(), anyInt(), anyBoolean());
+    }
+
    @Before
    public void setUp() throws Exception {
        mContext = new UriGrantsMockContext(InstrumentationRegistry.getContext());
@@ -83,6 +97,7 @@ public class UriGrantsManagerServiceTest {
        assertEquals(UID_PRIMARY_SOCIAL, needed.targetUid);
        assertEquals(FLAG_READ, needed.flags);
        assertEquals(asSet(expectedGrant), needed.uris);
+        verifyNoVisibilityGrant();
    }

    /**
@@ -100,6 +115,7 @@ public class UriGrantsManagerServiceTest {
        assertEquals(UID_SECONDARY_SOCIAL, needed.targetUid);
        assertEquals(FLAG_READ, needed.flags);
        assertEquals(asSet(expectedGrant), needed.uris);
+        verifyNoVisibilityGrant();
    }

    /**
@@ -111,6 +127,8 @@ public class UriGrantsManagerServiceTest {
        final NeededUriGrants needed = mService.checkGrantUriPermissionFromIntent(
                intent, UID_PRIMARY_PUBLIC, PKG_SOCIAL, USER_PRIMARY);
        assertNull(needed);
+        verify(mContext.mPmInternal).grantImplicitAccess(eq(USER_PRIMARY), isNull(), eq(
+                UserHandle.getAppId(UID_PRIMARY_SOCIAL)), eq(UID_PRIMARY_PUBLIC), eq(false));
    }

    /**
@@ -128,6 +146,7 @@ public class UriGrantsManagerServiceTest {
        assertEquals(UID_SECONDARY_SOCIAL, needed.targetUid);
        assertEquals(FLAG_READ, needed.flags);
        assertEquals(asSet(expectedGrant), needed.uris);
+        verifyNoVisibilityGrant();
    }

    /**