From e289f652cf76c0cd45fe2cad3d19763d5be452dd Mon Sep 17 00:00:00 2001
From: Po Lu
Date: Thu, 18 Apr 2024 10:37:31 +0800
Subject: [PATCH] Correctly verify availability of Android content URIs
* java/org/gnu/emacs/EmacsService.java (checkContentUri): Call checkUriPermission with IPC-effective PID and UID rather than checkCallingUriPermission, which never considers permissions of Emacs itself, and delete the now-redundant workaround.
(cherry picked from commit c19b988c2967f13597b7a3ceafb7c3cd40d83458)
---
 java/org/gnu/emacs/EmacsService.java | 54 +++++++---------------------
 1 file changed, 13 insertions(+), 41 deletions(-)
diff --git a/java/org/gnu/emacs/EmacsService.java b/java/org/gnu/emacs/EmacsService.java
index fd052653087..b1ec397bc41 100644
--- a/java/org/gnu/emacs/EmacsService.java
+++ b/java/org/gnu/emacs/EmacsService.java
@@ -70,15 +70,16 @@
 import android.hardware.input.InputManager;
 import android.net.Uri;
 import android.os.BatteryManager;
+import android.os.Binder;
 import android.os.Build;
 import android.os.Environment;
-import android.os.Looper;
-import android.os.IBinder;
 import android.os.Handler;
+import android.os.IBinder;
+import android.os.Looper;
 import android.os.ParcelFileDescriptor;
+import android.os.VibrationEffect;
 import android.os.Vibrator;
 import android.os.VibratorManager;
-import android.os.VibrationEffect;
 import android.provider.DocumentsContract;
 import android.provider.DocumentsContract.Document;
@@ -1027,11 +1028,8 @@ public final class EmacsService extends Service
 public boolean
 checkContentUri (String name, boolean readable, boolean writable)
 {
- String mode;
- ParcelFileDescriptor fd;
 Uri uri;
 int rc, flags;
- ParcelFileDescriptor descriptor;
 uri = Uri.parse (name);
 flags = 0;
@@ -1042,47 +1040,21 @@ public final class EmacsService extends Service
 if (writable)
 flags |= Intent.FLAG_GRANT_WRITE_URI_PERMISSION;
- rc = checkCallingUriPermission (uri, flags);
-
- if (rc == PackageManager.PERMISSION_GRANTED)
- return true;
-
- /* In the event checkCallingUriPermission fails and only read
- permissions are being verified, attempt to query the URI. This
- enables ascertaining whether drag and drop URIs can be
- accessed, something otherwise not provided for. */
-
- descriptor = null;
-
- try
- {
- descriptor = resolver.openFileDescriptor (uri, "r");
- return true;
- }
- catch (Exception exception)
- {
- /* Ignored. */
- }
- finally
- {
- try
- {
- if (descriptor != null)
- descriptor.close ();
- }
- catch (IOException exception)
- {
- /* Ignored. */
- }
- }
+ /* checkCallingUriPermission deals with permissions held by callers
+ of functions over the Binder IPC mechanism as contrasted with
+ Emacs itself, while getCallingPid and getCallingUid, despite the
+ class where they reside, return the process credentials against
+ which the system will actually test URIs being opened. */
- return false;
+ rc = checkUriPermission (uri, Binder.getCallingPid (),
+ Binder.getCallingUid (), flags);
+ return rc == PackageManager.PERMISSION_GRANTED;
 }
 /* Return a 8 character checksum for the string STRING, after encoding as UTF-8 data. */
- public static String
+ private static String
 getDisplayNameHash (String string)
 {
 byte[] encoded;
-- 
2.39.5
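Review bot: `Binder.getCallingPid ()` and `Binder.getCallingUid ()` in the new `checkUriPermission` call yield Emacs's own credentials only while the current thread is not servicing an incoming Binder transaction; inside one they yield the remote caller's, so the check would answer for a different process than the one that later opens the URI. checkContentUri begins in the previous hunk and its callers are not visible here, so this may never happen in practice, but `rc = checkUriPermission (uri, android.os.Process.myPid (), android.os.Process.myUid (), flags);` states the intent directly and does not depend on thread state. The comment above the call should also note that the result is a point-in-time answer: a URI grant can be revoked between this check and the open, so callers still have to handle a `SecurityException` from the subsequent open rather than treat `true` as a guarantee.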