Correctly verify availability of Android content URIs

* java/org/gnu/emacs/EmacsService.java (checkContentUri): Call
checkUriPermission with IPC-effective PID and UID rather than
checkCallingUriPermission, which never considers permissions of
Emacs itself, and delete the now-redundant workaround.

(cherry picked from commit c19b988c2967f13597b7a3ceafb7c3cd40d83458)

diff --git a/java/org/gnu/emacs/EmacsService.java b/java/org/gnu/emacs/EmacsService.java
index fd0526530874e0a5f5dff188dc9a57f33947da87..b1ec397bc41ee85569fe2f5e3bc74a646727e95e 100644 (file)
--- a/java/org/gnu/emacs/EmacsService.java
+++ b/java/org/gnu/emacs/EmacsService.java
@@ -70,15 +70,16 @@ import android.hardware.input.InputManager;
 import android.net.Uri;
 
 import android.os.BatteryManager;
+import android.os.Binder;
 import android.os.Build;
 import android.os.Environment;
-import android.os.Looper;
-import android.os.IBinder;
 import android.os.Handler;
+import android.os.IBinder;
+import android.os.Looper;
 import android.os.ParcelFileDescriptor;
+import android.os.VibrationEffect;
 import android.os.Vibrator;
 import android.os.VibratorManager;
-import android.os.VibrationEffect;
 
 import android.provider.DocumentsContract;
 import android.provider.DocumentsContract.Document;
@@ -1027,11 +1028,8 @@ public final class EmacsService extends Service
   public boolean
   checkContentUri (String name, boolean readable, boolean writable)
   {
-    String mode;
-    ParcelFileDescriptor fd;
     Uri uri;
     int rc, flags;
-    ParcelFileDescriptor descriptor;
 
     uri = Uri.parse (name);
     flags = 0;
@@ -1042,47 +1040,21 @@ public final class EmacsService extends Service
     if (writable)
       flags |= Intent.FLAG_GRANT_WRITE_URI_PERMISSION;
 
-    rc = checkCallingUriPermission (uri, flags);
-
-    if (rc == PackageManager.PERMISSION_GRANTED)
-      return true;
-
-    /* In the event checkCallingUriPermission fails and only read
-       permissions are being verified, attempt to query the URI.  This
-       enables ascertaining whether drag and drop URIs can be
-       accessed, something otherwise not provided for.  */
-
-    descriptor = null;
-
-    try
-      {
-        descriptor = resolver.openFileDescriptor (uri, "r");
-       return true;
-      }
-    catch (Exception exception)
-      {
-       /* Ignored.  */
-      }
-    finally
-      {
-       try
-         {
-           if (descriptor != null)
-             descriptor.close ();
-         }
-       catch (IOException exception)
-         {
-           /* Ignored.  */
-         }
-      }
+    /* checkCallingUriPermission deals with permissions held by callers
+       of functions over the Binder IPC mechanism as contrasted with
+       Emacs itself, while getCallingPid and getCallingUid, despite the
+       class where they reside, return the process credentials against
+       which the system will actually test URIs being opened.  */
 
-    return false;
+    rc = checkUriPermission (uri, Binder.getCallingPid (),
+                            Binder.getCallingUid (), flags);
+    return rc == PackageManager.PERMISSION_GRANTED;
   }
 
   /* Return a 8 character checksum for the string STRING, after encoding
      as UTF-8 data.  */
 
-  public static String
+  private static String
   getDisplayNameHash (String string)
   {
     byte[] encoded;