Correctly verify availability of Android content URIs

* java/org/gnu/emacs/EmacsService.java (checkContentUri): Call checkUriPermission with IPC-effective PID and UID rather than checkCallingUriPermission, which never considers permissions of Emacs itself, and delete the now-redundant workaround.
author: Po Lu 2024-04-18 10:37:31 +0800
committer: Po Lu 2024-04-18 10:38:22 +0800
commit: c19b988c2967f13597b7a3ceafb7c3cd40d83458 (patch)
tree: 9e439752e540ef1f53541a9007ca57d5a99a46c4
parent: 3cdd86b8affa6d58de8f6d07b4e117676fedd58c (diff)
download: emacs-c19b988c2967f13597b7a3ceafb7c3cd40d83458.tar.gz
emacs-c19b988c2967f13597b7a3ceafb7c3cd40d83458.zip
1 files changed, 13 insertions, 41 deletions
diff --git a/java/org/gnu/emacs/EmacsService.java b/java/org/gnu/emacs/EmacsService.java
index fd052653087..b1ec397bc41 100644
--- a/java/org/gnu/emacs/EmacsService.java
+++ b/java/org/gnu/emacs/EmacsService.java
@@ -70,15 +70,16 @@ import android.hardware.input.InputManager;
 import android.net.Uri;
 import android.os.BatteryManager;
+import android.os.Binder;
 import android.os.Build;
 import android.os.Environment;
-import android.os.Looper;
-import android.os.IBinder;
 import android.os.Handler;
+import android.os.IBinder;
+import android.os.Looper;
 import android.os.ParcelFileDescriptor;
+import android.os.VibrationEffect;
 import android.os.Vibrator;
 import android.os.VibratorManager;
-import android.os.VibrationEffect;
 import android.provider.DocumentsContract;
 import android.provider.DocumentsContract.Document;
@@ -1027,11 +1028,8 @@ public final class EmacsService extends Service
  public boolean
  checkContentUri (String name, boolean readable, boolean writable)
  {
-    String mode;
-    ParcelFileDescriptor fd;
    Uri uri;
    int rc, flags;
-    ParcelFileDescriptor descriptor;
    uri = Uri.parse (name);
    flags = 0;
@@ -1042,47 +1040,21 @@ public final class EmacsService extends Service
    if (writable)
      flags |= Intent.FLAG_GRANT_WRITE_URI_PERMISSION;
-    rc = checkCallingUriPermission (uri, flags);
+    /* checkCallingUriPermission deals with permissions held by callers
+       of functions over the Binder IPC mechanism as contrasted with
-    if (rc == PackageManager.PERMISSION_GRANTED)
+       Emacs itself, while getCallingPid and getCallingUid, despite the
-      return true;
+       class where they reside, return the process credentials against
+       which the system will actually test URIs being opened.  */
-    /* In the event checkCallingUriPermission fails and only read
-       permissions are being verified, attempt to query the URI.  This
-       enables ascertaining whether drag and drop URIs can be
-       accessed, something otherwise not provided for.  */
-    descriptor = null;
-    try
-      {
-        descriptor = resolver.openFileDescriptor (uri, "r");
-        return true;
-      }
-    catch (Exception exception)
-      {
-        /* Ignored.  */
-      }
-    finally
-      {
-        try
-          {
-            if (descriptor != null)
-              descriptor.close ();
-          }
-        catch (IOException exception)
-          {
-            /* Ignored.  */
-          }
-      }
-    return false;
+    rc = checkUriPermission (uri, Binder.getCallingPid (),
+                             Binder.getCallingUid (), flags);
+    return rc == PackageManager.PERMISSION_GRANTED;
  }
  /* Return a 8 character checksum for the string STRING, after encoding
     as UTF-8 data.  */
-  public static String
+  private static String
  getDisplayNameHash (String string)
  {
    byte[] encoded;
author	Po Lu	2024-04-18 10:37:31 +0800
committer	Po Lu	2024-04-18 10:38:22 +0800
commit	c19b988c2967f13597b7a3ceafb7c3cd40d83458 (patch)
tree	9e439752e540ef1f53541a9007ca57d5a99a46c4
parent	3cdd86b8affa6d58de8f6d07b4e117676fedd58c (diff)
download	emacs-c19b988c2967f13597b7a3ceafb7c3cd40d83458.tar.gz emacs-c19b988c2967f13597b7a3ceafb7c3cd40d83458.zip

diff --git a/java/org/gnu/emacs/EmacsService.java b/java/org/gnu/emacs/EmacsService.java index fd052653087..b1ec397bc41 100644 --- a/java/org/gnu/emacs/EmacsService.java +++ b/java/org/gnu/emacs/EmacsService.java
@@ -70,15 +70,16 @@ import android.hardware.input.InputManager;
70	import android.net.Uri;	70	import android.net.Uri;
71		71
72	import android.os.BatteryManager;	72	import android.os.BatteryManager;
		73	import android.os.Binder;
73	import android.os.Build;	74	import android.os.Build;
74	import android.os.Environment;	75	import android.os.Environment;
75	import android.os.Looper;
76	import android.os.IBinder;
77	import android.os.Handler;	76	import android.os.Handler;
		77	import android.os.IBinder;
		78	import android.os.Looper;
78	import android.os.ParcelFileDescriptor;	79	import android.os.ParcelFileDescriptor;
		80	import android.os.VibrationEffect;
79	import android.os.Vibrator;	81	import android.os.Vibrator;
80	import android.os.VibratorManager;	82	import android.os.VibratorManager;
81	import android.os.VibrationEffect;
82		83
83	import android.provider.DocumentsContract;	84	import android.provider.DocumentsContract;
84	import android.provider.DocumentsContract.Document;	85	import android.provider.DocumentsContract.Document;
@@ -1027,11 +1028,8 @@ public final class EmacsService extends Service
1027	public boolean	1028	public boolean
1028	checkContentUri (String name, boolean readable, boolean writable)	1029	checkContentUri (String name, boolean readable, boolean writable)
1029	{	1030	{
1030	String mode;
1031	ParcelFileDescriptor fd;
1032	Uri uri;	1031	Uri uri;
1033	int rc, flags;	1032	int rc, flags;
1034	ParcelFileDescriptor descriptor;
1035		1033
1036	uri = Uri.parse (name);	1034	uri = Uri.parse (name);
1037	flags = 0;	1035	flags = 0;
@@ -1042,47 +1040,21 @@ public final class EmacsService extends Service
1042	if (writable)	1040	if (writable)
1043	flags \|= Intent.FLAG_GRANT_WRITE_URI_PERMISSION;	1041	flags \|= Intent.FLAG_GRANT_WRITE_URI_PERMISSION;
1044		1042
1045	rc = checkCallingUriPermission (uri, flags);	1043	/* checkCallingUriPermission deals with permissions held by callers
1046		1044	of functions over the Binder IPC mechanism as contrasted with
1047	if (rc == PackageManager.PERMISSION_GRANTED)	1045	Emacs itself, while getCallingPid and getCallingUid, despite the
1048	return true;	1046	class where they reside, return the process credentials against
1049		1047	which the system will actually test URIs being opened. */
1050	/* In the event checkCallingUriPermission fails and only read
1051	permissions are being verified, attempt to query the URI. This
1052	enables ascertaining whether drag and drop URIs can be
1053	accessed, something otherwise not provided for. */
1054
1055	descriptor = null;
1056
1057	try
1058	{
1059	descriptor = resolver.openFileDescriptor (uri, "r");
1060	return true;
1061	}
1062	catch (Exception exception)
1063	{
1064	/* Ignored. */
1065	}
1066	finally
1067	{
1068	try
1069	{
1070	if (descriptor != null)
1071	descriptor.close ();
1072	}
1073	catch (IOException exception)
1074	{
1075	/* Ignored. */
1076	}
1077	}
1078		1048
1079	return false;	1049	rc = checkUriPermission (uri, Binder.getCallingPid (),
		1050	Binder.getCallingUid (), flags);
		1051	return rc == PackageManager.PERMISSION_GRANTED;
1080	}	1052	}
1081		1053
1082	/* Return a 8 character checksum for the string STRING, after encoding	1054	/* Return a 8 character checksum for the string STRING, after encoding
1083	as UTF-8 data. */	1055	as UTF-8 data. */
1084		1056
1085	public static String	1057	private static String
1086	getDisplayNameHash (String string)	1058	getDisplayNameHash (String string)
1087	{	1059	{
1088	byte[] encoded;	1060	byte[] encoded;