Why must checkGrantUriPermissionLocked() throw SecurityException?


sharon.hou

Dec 4, 2012, 1:23:36 AM12/4/12
to android-...@googlegroups.com
Hi,

Does anyone know why ActivityManagerService.checkGrantUriPermissionLocked() must throw a SecurityException? How about just returning -1 and not granting the permission?

With the current design, in some cases, for example the trace below, calling doPendingActivityLaunchesLocked() to handle a pending activity that has not been granted the related permission causes the SecurityException to be thrown in AM, which then results in a system_server crash. But actually this is just reporting that the application (uid=10111) does not have permission to launch the requested activity; it is not reasonable to make system_server crash.

The trace is:
12-01 09:53:36.048 736 757 E AndroidRuntime: *** FATAL EXCEPTION IN SYSTEM PROCESS: ActivityManager
12-01 09:53:36.048 736 757 E AndroidRuntime: java.lang.SecurityException: Uid 10111 does not have permission to uri content://com.yahoo.mobile.client.android.mail.provider.Mail/accounts/1/folders/43/messages/14933/attachments/692
12-01 09:53:36.048 736 757 E AndroidRuntime: at com.android.server.am.ActivityManagerService.checkGrantUriPermissionLocked(ActivityManagerService.java:5239)
12-01 09:53:36.048 736 757 E AndroidRuntime: at com.android.server.am.ActivityManagerService.checkGrantUriPermissionFromIntentLocked(ActivityManagerService.java:5349)
12-01 09:53:36.048 736 757 E AndroidRuntime: at com.android.server.am.ActivityManagerService.grantUriPermissionFromIntentLocked(ActivityManagerService.java:5402)
12-01 09:53:36.048 736 757 E AndroidRuntime: at com.android.server.am.ActivityStack.startActivityUncheckedLocked(ActivityStack.java:3047)
12-01 09:53:36.048 736 757 E AndroidRuntime: at com.android.server.am.ActivityManagerService.doPendingActivityLaunchesLocked(ActivityManagerService.java:2527)
12-01 09:53:36.048 736 757 E AndroidRuntime: at com.android.server.am.ActivityManagerService$2.handleMessage(ActivityManagerService.java:1170)
12-01 09:53:36.048 736 757 E AndroidRuntime: at android.os.Handler.dispatchMessage(Handler.java:99)
12-01 09:53:36.048 736 757 E AndroidRuntime: at android.os.Looper.loop(Looper.java:137)
12-01 09:53:36.048 736 757 E AndroidRuntime: at com.android.server.am.ActivityManagerService$AThread.run(ActivityManagerService.java:1579)
12-01 09:53:36.058 736 757 I Process : Sending signal. PID: 736 SIG: 9
12-01 09:53:36.128 322 322 I ServiceManager: service 'dbinfo' died
12-01 09:53:36.128 322 322 I ServiceManager: service 'battery' died
The code is:
        // Second...  is the provider allowing granting of URI permissions?
        if (!pi.grantUriPermissions) {
            throw new SecurityException("Provider " + pi.packageName
                    + "/" + pi.name
                    + " does not allow granting of Uri permissions (uri "
                    + uri + ")");
        }

        // (elided: the loop over the provider's path patterns that computes 'allowed')
            if (!allowed) {
                throw new SecurityException("Provider " + pi.packageName
                        + "/" + pi.name
                        + " does not allow granting of permission to path of Uri "
                        + uri);
            }

        // Third...  does the caller itself have permission to access
        // this uri?
        if (callingUid != Process.myUid()) {
            if (!checkHoldingPermissionsLocked(pm, pi, uri, callingUid, modeFlags)) {
                if (!checkUriPermissionLocked(uri, callingUid, modeFlags)) {
                    throw new SecurityException("Uid " + callingUid
                            + " does not have permission to uri " + uri);
                }
            }
        }

Sharon
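The trace shows why the crash happens: the SecurityException escapes doPendingActivityLaunchesLocked() on the ActivityManager thread and propagates up through Handler.dispatchMessage() into Looper.loop(), where nothing catches it, so the uncaught-exception handler of the system process kills it. On the synchronous startActivity() path the same exception is simply marshalled back over Binder to the calling app. The following is an added illustration, not AOSP code and not part of Sharon's post: a small Java model of the three checks in which the check itself reports a denial with -1 and each caller decides what a denial means. The class, method names, the sample provider, the path-prefix matching and the uids are all hypothetical.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

/*
 * Hypothetical model (not AOSP): the grant check returns -1 on denial and
 * never throws. The synchronous caller converts -1 into a SecurityException
 * for the remote app; the deferred caller logs and drops the launch so the
 * exception can never unwind the system process's looper thread.
 */
public class UriGrantModel {
    static final int FLAG_GRANT_READ_URI_PERMISSION = 0x1;
    static final int FLAG_GRANT_WRITE_URI_PERMISSION = 0x2;
    static final int MY_UID = 1000;   // stand-in for Process.myUid() inside system_server

    /** Stand-in for the provider's manifest attributes. */
    static final class ProviderInfo {
        final String packageName;
        final boolean grantUriPermissions;        // android:grantUriPermissions
        final List<String> grantPathPrefixes;     // <grant-uri-permission android:pathPrefix=...>
        ProviderInfo(String packageName, boolean grant, List<String> prefixes) {
            this.packageName = packageName;
            this.grantUriPermissions = grant;
            this.grantPathPrefixes = prefixes;
        }
    }

    /** Uids that hold the provider's own read/write permission (checkHoldingPermissionsLocked). */
    final Set<Integer> uidsHoldingProviderPermission = new HashSet<>();
    /** Grants already recorded, uid -> uri path -> mode flags (checkUriPermissionLocked). */
    final Map<Integer, Map<String, Integer>> grants = new HashMap<>();

    /** Returns the flags that may be granted, or -1 if the grant is refused. Never throws. */
    int checkGrantUriPermission(int callingUid, ProviderInfo pi, String uriPath, int modeFlags) {
        // First: does the provider opt in to URI grants at all?
        if (!pi.grantUriPermissions) return -1;
        // Second: if the provider restricts grants to path patterns, does this path match one?
        if (!pi.grantPathPrefixes.isEmpty()) {
            boolean allowed = false;
            for (String prefix : pi.grantPathPrefixes) {
                if (uriPath.startsWith(prefix)) { allowed = true; break; }
            }
            if (!allowed) return -1;
        }
        // Third: does the caller itself have access? The system uid is trusted implicitly.
        if (callingUid != MY_UID) {
            boolean holds = uidsHoldingProviderPermission.contains(callingUid);
            int prior = grants.getOrDefault(callingUid, Collections.<String, Integer>emptyMap())
                    .getOrDefault(uriPath, 0);
            if (!holds && (prior & modeFlags) != modeFlags) return -1;
        }
        return modeFlags;
    }

    private void record(int targetUid, String uriPath, int flags) {
        grants.computeIfAbsent(targetUid, k -> new HashMap<>()).merge(uriPath, flags, (a, b) -> a | b);
    }

    /** Synchronous path (startActivity over Binder): the denial is delivered to the remote caller. */
    void grantUriPermissionOrThrow(int callingUid, int targetUid, ProviderInfo pi, String uriPath, int modeFlags) {
        int granted = checkGrantUriPermission(callingUid, pi, uriPath, modeFlags);
        if (granted < 0) {
            throw new SecurityException("Uid " + callingUid + " does not have permission to uri content://"
                    + pi.packageName + uriPath);
        }
        record(targetUid, uriPath, granted);
    }

    /** Deferred path (pending launches on the AM thread): a denial must not unwind the looper. */
    boolean doPendingLaunch(int callingUid, int targetUid, ProviderInfo pi, String uriPath, int modeFlags) {
        int granted = checkGrantUriPermission(callingUid, pi, uriPath, modeFlags);
        if (granted < 0) {
            System.err.println("W ActivityManager: dropping pending launch from uid " + callingUid
                    + ", no permission to uri " + uriPath);
            return false;   // launch refused; system_server keeps running
        }
        record(targetUid, uriPath, granted);
        return true;
    }

    public static void main(String[] args) {
        UriGrantModel am = new UriGrantModel();
        // Constructed sample provider that allows grants only under /accounts.
        ProviderInfo mail = new ProviderInfo("com.example.mail.provider.Mail", true, Arrays.asList("/accounts"));
        String attachment = "/accounts/1/folders/43/messages/14933/attachments/692";
        // uid 10111 holds neither the provider permission nor a prior grant: the deferred path drops it.
        System.out.println("pending launch accepted: "
                + am.doPendingLaunch(10111, 10222, mail, attachment, FLAG_GRANT_READ_URI_PERMISSION));
        // The same denial on the synchronous path is a SecurityException for the caller, not for system_server.
        try {
            am.grantUriPermissionOrThrow(10111, 10222, mail, attachment, FLAG_GRANT_READ_URI_PERMISSION);
        } catch (SecurityException e) {
            System.out.println("synchronous caller sees: " + e.getMessage());
        }
        // A uid that holds the provider permission gets its grant recorded for the target uid.
        am.uidsHoldingProviderPermission.add(10333);
        System.out.println("holder launch accepted: "
                + am.doPendingLaunch(10333, 10222, mail, attachment, FLAG_GRANT_READ_URI_PERMISSION));
    }
}
```

The point of the split is that the check stays fail-closed either way; what changes is who sees the denial. Any code path that runs on a system thread rather than on behalf of a Binder caller has to treat a permission failure as data, not as an exception, or the failure of one app's request becomes a denial of service for the whole device.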