summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJeff Sharkey <jsharkey@android.com>2016-08-01 10:24:24 -0600
committergitbuildkicker <android-build@google.com>2016-08-26 11:59:56 -0700
commit092d6da1fd5ef6b0aac65b8e6249700cf4867815 (patch)
tree9bc40c0ce124f8f3958b3ac75aca9fd712e757fa
parentff562d068d5a3a41999aada06ed46994d8f6efb4 (diff)
downloadandroid_packages_providers_DownloadProvider-092d6da1fd5ef6b0aac65b8e6249700cf4867815.tar.gz
android_packages_providers_DownloadProvider-092d6da1fd5ef6b0aac65b8e6249700cf4867815.tar.bz2
android_packages_providers_DownloadProvider-092d6da1fd5ef6b0aac65b8e6249700cf4867815.zip
Enforce calling identity before clearing.
When opening a downloaded file, enforce that the caller can actually see the requested download before clearing their identity to read internal columns. Bug: 30537115 Change-Id: I01bbad7997e5e908bfb19f5d576860a24f59f295 (cherry picked from commit 8be3a92eb0b4105a9ed748be5a937ce79145f565)
-rw-r--r--src/com/android/providers/downloads/DownloadProvider.java13
1 files changed, 13 insertions, 0 deletions
diff --git a/src/com/android/providers/downloads/DownloadProvider.java b/src/com/android/providers/downloads/DownloadProvider.java
index d9acc789..667a81df 100644
--- a/src/com/android/providers/downloads/DownloadProvider.java
+++ b/src/com/android/providers/downloads/DownloadProvider.java
@@ -1232,6 +1232,19 @@ public final class DownloadProvider extends ContentProvider {
logVerboseOpenFileInfo(uri, mode);
}
+ // Perform normal query to enforce caller identity access before
+ // clearing it to reach internal-only columns
+ final Cursor probeCursor = query(uri, new String[] {
+ Downloads.Impl._DATA }, null, null, null);
+ try {
+ if ((probeCursor == null) || (probeCursor.getCount() == 0)) {
+ throw new FileNotFoundException(
+ "No file found for " + uri + " as UID " + Binder.getCallingUid());
+ }
+ } finally {
+ IoUtils.closeQuietly(probeCursor);
+ }
+
final Cursor cursor = queryCleared(uri, new String[] {
Downloads.Impl._DATA, Downloads.Impl.COLUMN_STATUS,
Downloads.Impl.COLUMN_DESTINATION, Downloads.Impl.COLUMN_MEDIA_SCANNED }, null,