diff options
| author | Peter Qiu <zqiu@google.com> | 2017-01-30 12:55:09 -0800 |
|---|---|---|
| committer | Sean McCreary <mccreary@mcwest.org> | 2017-03-22 12:48:15 -0600 |
| commit | 70513a41f11019e953d7583a64770675574aa327 (patch) | |
| tree | 153e8b4fb233dfa4226bbc623718def80c585710 | |
| parent | 3fc44f931a8de96138ebfdc0d80238c30adc2288 (diff) | |
| download | android_packages_apps_CertInstaller-70513a41f11019e953d7583a64770675574aa327.tar.gz android_packages_apps_CertInstaller-70513a41f11019e953d7583a64770675574aa327.tar.bz2 android_packages_apps_CertInstaller-70513a41f11019e953d7583a64770675574aa327.zip | |
WifiInstaller: add permission for access downloaded files
The previous fix for the security vulnerability b/33178389
add the code to drop the downloaded installation file but
forget to update the manifest for additional permission. This
omission was due to that the original fix was merged from
mnc-dev, which doesn't have such permission requirement.
So add the required permission for deleting downloaded
installation file.
Bug: 33178389
Test: Verify WifiInstaller works and not crashing due permission
denied exception
CVE-2017-0490
Change-Id: I987ad73dde0e3cc5b920cd08830dd065c47be402
(cherry picked from commit 9a9e51727a5cdaf3ac10c98e1ea4661bc13a11c7)
(cherry picked from commit 1ad3b1e3256a226be362de1a4959f2a642d349b7)
| -rw-r--r-- | AndroidManifest.xml | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/AndroidManifest.xml b/AndroidManifest.xml index cc02a95..f6ad323 100644 --- a/AndroidManifest.xml +++ b/AndroidManifest.xml @@ -7,6 +7,7 @@ android:protectionLevel="signature" /> <uses-permission android:name="android.permission.CHANGE_WIFI_STATE" /> <uses-permission android:name="android.permission.ACCESS_WIFI_STATE" /> + <uses-permission android:name="android.permission.ACCESS_ALL_DOWNLOADS" /> <application android:label="@string/app_name" android:allowBackup="false"> |