Why must checkGrantUriPermissionLocked() throw SecurityException?


sharon.hou
Hi,

Does anyone know why ActivityManagerService.checkGrantUriPermissionLocked() must throw a SecurityException? How about just returning -1 and not granting the permission?

With the current design, in some cases, for example the trace below, doPendingActivityLaunchesLocked() is called to handle a pending activity that has not been granted the related permission; the SecurityException is thrown in am, which then results in a systemserver crash. But this is actually just reporting that the application (uid=10111) does not have permission to launch the requested activity, so it is not reasonable to make systemserver crash.

The trace is:
12-01 09:53:36.048 736 757 E AndroidRuntime: *** FATAL EXCEPTION IN SYSTEM PROCESS: ActivityManager
12-01 09:53:36.048 736 757 E AndroidRuntime: java.lang.SecurityException: Uid 10111 does not have permission to uri content://com.yahoo.mobile.client.android.mail.provider.Mail/accounts/1/folders/43/messages/14933/attachments/692
12-01 09:53:36.048 736 757 E AndroidRuntime: at com.android.server.am.ActivityManagerService.checkGrantUriPermissionLocked(ActivityManagerService.java:5239)
12-01 09:53:36.048 736 757 E AndroidRuntime: at com.android.server.am.ActivityManagerService.checkGrantUriPermissionFromIntentLocked(ActivityManagerService.java:5349)
12-01 09:53:36.048 736 757 E AndroidRuntime: at com.android.server.am.ActivityManagerService.grantUriPermissionFromIntentLocked(ActivityManagerService.java:5402)
12-01 09:53:36.048 736 757 E AndroidRuntime: at com.android.server.am.ActivityStack.startActivityUncheckedLocked(ActivityStack.java:3047)
12-01 09:53:36.048 736 757 E AndroidRuntime: at com.android.server.am.ActivityManagerService.doPendingActivityLaunchesLocked(ActivityManagerService.java:2527)
12-01 09:53:36.048 736 757 E AndroidRuntime: at com.android.server.am.ActivityManagerService$2.handleMessage(ActivityManagerService.java:1170)
12-01 09:53:36.048 736 757 E AndroidRuntime: at android.os.Handler.dispatchMessage(Handler.java:99)
12-01 09:53:36.048 736 757 E AndroidRuntime: at android.os.Looper.loop(Looper.java:137)
12-01 09:53:36.048 736 757 E AndroidRuntime: at com.android.server.am.ActivityManagerService$AThread.run(ActivityManagerService.java:1579)
12-01 09:53:36.058 736 757 I Process : Sending signal. PID: 736 SIG: 9
12-01 09:53:36.128 322 322 I ServiceManager: service 'dbinfo' died
12-01 09:53:36.128 322 322 I ServiceManager: service 'battery' died

The code is:
        // Second...  is the provider allowing granting of URI permissions?
        if (!pi.grantUriPermissions) {
            throw new SecurityException("Provider " + pi.packageName
                    + "/" + pi.name
                    + " does not allow granting of Uri permissions (uri "
                    + uri + ")");
        }

            if (!allowed) {
                throw new SecurityException("Provider " + pi.packageName
                        + "/" + pi.name
                        + " does not allow granting of permission to path of Uri "
                        + uri);
            }

        // Third...  does the caller itself have permission to access
        // this uri?
        if (callingUid != Process.myUid()) {
            if (!checkHoldingPermissionsLocked(pm, pi, uri, callingUid, modeFlags)) {
                if (!checkUriPermissionLocked(uri, callingUid, modeFlags)) {
                    throw new SecurityException("Uid " + callingUid
                            + " does not have permission to uri " + uri);
                }
            }
        }

Sharon
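
A simplified model of the failure described in the post above, added here as an example and not taken from the post or from AOSP: a permission check that throws is run from a deferred queue on the service's own thread, once with and once without a handler around each item. All names (DeferredGrantCheck, PendingLaunch, checkGrant, drain), uid 10050 and the sample URIs are hypothetical; only uid 10111 and the exception message format come from the trace.

```java
import java.util.*;

// Simplified model, not AOSP code: all class, method and data names are hypothetical.
public class DeferredGrantCheck {
    // Constructed sample data: uid -> URIs that uid is allowed to grant onward.
    static final Map<Integer, Set<String>> HELD =
            Map.of(10050, Set.of("content://example.provider/items/1"));

    record PendingLaunch(int callingUid, String uri) {}

    // Stands in for the "Third..." check quoted in the post: throws when the caller lacks access.
    static void checkGrant(int callingUid, String uri) {
        if (!HELD.getOrDefault(callingUid, Set.of()).contains(uri)) {
            throw new SecurityException(
                    "Uid " + callingUid + " does not have permission to uri " + uri);
        }
    }

    // Drains deferred launches on the service's own thread. When guarded, a denial
    // still fails closed (the launch is dropped) but does not escape the loop.
    static int drain(Queue<PendingLaunch> pending, boolean guarded) {
        int started = 0;
        while (!pending.isEmpty()) {
            PendingLaunch p = pending.remove();
            try {
                checkGrant(p.callingUid(), p.uri());
                started++;
            } catch (SecurityException e) {
                if (!guarded) throw e; // unguarded: propagates to the thread's top level
                System.err.println("Dropping pending launch: " + e.getMessage());
            }
        }
        return started;
    }

    static Queue<PendingLaunch> sample() {
        return new ArrayDeque<>(List.of(
                new PendingLaunch(10111, "content://example.provider/items/1"),   // denied
                new PendingLaunch(10050, "content://example.provider/items/1"))); // allowed
    }

    public static void main(String[] args) {
        System.out.println("guarded: started " + drain(sample(), true) + " launch(es)");
        try {
            drain(sample(), false);
        } catch (SecurityException e) {
            System.out.println("unguarded: aborted, second launch never ran: " + e.getMessage());
        }
    }
}
```

In both modes the denied launch never starts; the difference is whether one caller's denial also stops the thread that serves every other caller.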
