Correctly verify availability of Android content URIs
* java/org/gnu/emacs/EmacsService.java (checkContentUri): Call checkUriPermission with IPC-effective PID and UID rather than checkCallingUriPermission, which never considers permissions of Emacs itself, and delete the now-redundant workaround.
This commit is contained in:
Po Lu
parent
3cdd86b8af
commit
c19b988c29
1 changed files with 13 additions and 41 deletions
|
|
@ -70,15 +70,16 @@
|
|||
import android.net.Uri;
|
||||
|
||||
import android.os.BatteryManager;
|
||||
import android.os.Binder;
|
||||
import android.os.Build;
|
||||
import android.os.Environment;
|
||||
import android.os.Looper;
|
||||
import android.os.IBinder;
|
||||
import android.os.Handler;
|
||||
import android.os.IBinder;
|
||||
import android.os.Looper;
|
||||
import android.os.ParcelFileDescriptor;
|
||||
import android.os.VibrationEffect;
|
||||
import android.os.Vibrator;
|
||||
import android.os.VibratorManager;
|
||||
import android.os.VibrationEffect;
|
||||
|
||||
import android.provider.DocumentsContract;
|
||||
import android.provider.DocumentsContract.Document;
|
||||
|
|
@ -1027,11 +1028,8 @@ invocation of app_process (through android-emacs) can
|
|||
public boolean
|
||||
checkContentUri (String name, boolean readable, boolean writable)
|
||||
{
|
||||
String mode;
|
||||
ParcelFileDescriptor fd;
|
||||
Uri uri;
|
||||
int rc, flags;
|
||||
ParcelFileDescriptor descriptor;
|
||||
|
||||
uri = Uri.parse (name);
|
||||
flags = 0;
|
||||
|
|
@ -1042,47 +1040,21 @@ invocation of app_process (through android-emacs) can
|
|||
if (writable)
|
||||
flags |= Intent.FLAG_GRANT_WRITE_URI_PERMISSION;
|
||||
|
||||
rc = checkCallingUriPermission (uri, flags);
|
||||
/* checkCallingUriPermission deals with permissions held by callers
|
||||
of functions over the Binder IPC mechanism as contrasted with
|
||||
Emacs itself, while getCallingPid and getCallingUid, despite the
|
||||
class where they reside, return the process credentials against
|
||||
which the system will actually test URIs being opened. */
|
||||
|
||||
if (rc == PackageManager.PERMISSION_GRANTED)
|
||||
return true;
|
||||
|
||||
/* In the event checkCallingUriPermission fails and only read
|
||||
permissions are being verified, attempt to query the URI. This
|
||||
enables ascertaining whether drag and drop URIs can be
|
||||
accessed, something otherwise not provided for. */
|
||||
|
||||
descriptor = null;
|
||||
|
||||
try
|
||||
{
|
||||
descriptor = resolver.openFileDescriptor (uri, "r");
|
||||
return true;
|
||||
}
|
||||
catch (Exception exception)
|
||||
{
|
||||
/* Ignored. */
|
||||
}
|
||||
finally
|
||||
{
|
||||
try
|
||||
{
|
||||
if (descriptor != null)
|
||||
descriptor.close ();
|
||||
}
|
||||
catch (IOException exception)
|
||||
{
|
||||
/* Ignored. */
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
rc = checkUriPermission (uri, Binder.getCallingPid (),
|
||||
Binder.getCallingUid (), flags);
|
||||
return rc == PackageManager.PERMISSION_GRANTED;
|
||||
}
|
||||
|
||||
/* Return a 8 character checksum for the string STRING, after encoding
|
||||
as UTF-8 data. */
|
||||
|
||||
public static String
|
||||
private static String
|
||||
getDisplayNameHash (String string)
|
||||
{
|
||||
byte[] encoded;
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue