diff options
author | Tom Taylor <tomtaylor@google.com> | 2016-12-05 16:39:55 -0800 |
---|---|---|
committer | Tom Taylor <tomtaylor@google.com> | 2016-12-05 16:39:55 -0800 |
commit | a2aa53f83afbd13b04cbdcca494fd3cf659c155d (patch) | |
tree | 76fd8f3e351673bc36bb47f05ee97d95c4eec4fe /AndroidManifest.xml | |
parent | bcc1f62715f8005684ac6b798d0d54224394e975 (diff) | |
download | packages_apps_Messaging-a2aa53f83afbd13b04cbdcca494fd3cf659c155d.tar.gz packages_apps_Messaging-a2aa53f83afbd13b04cbdcca494fd3cf659c155d.tar.bz2 packages_apps_Messaging-a2aa53f83afbd13b04cbdcca494fd3cf659c155d.zip |
32807795 Security Vulnerability - AOSP Messaging App: thirdparty can
attach private files from "/data/data/com.android.messaging/"
directory to the messaging app.
* This is a manual merge from ag/871758 -- backporting a security fix from
Bugle to Kazoo.
* Don't export the MediaScratchFileProvider or the MmsFileProvider. This
will block external access from third party apps. In addition, make both
providers more robust in handling path names. Make sure the file paths
handled in the providers point to the expected directory.
Change-Id: I9e6b3ae0e122e3f5022243418f2893d4a0859edb
Fixes: 32807795
Diffstat (limited to 'AndroidManifest.xml')
-rw-r--r-- | AndroidManifest.xml | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/AndroidManifest.xml b/AndroidManifest.xml index 8fe8fae..4b16a82 100644 --- a/AndroidManifest.xml +++ b/AndroidManifest.xml @@ -317,11 +317,13 @@ <provider android:name=".datamodel.MmsFileProvider" android:authorities="com.android.messaging.datamodel.MmsFileProvider" - android:grantUriPermissions="true" /> + android:grantUriPermissions="true" + android:exported="false" /> <provider android:name=".datamodel.MediaScratchFileProvider" android:authorities="com.android.messaging.datamodel.MediaScratchFileProvider" - android:grantUriPermissions="true" /> + android:grantUriPermissions="true" + android:exported="false" /> <!-- Action Services --> |