android_packages_providers_DownloadProvider/src/com/android, branch cm-13.0 Unnamed repository; edit this file 'description' to name the repository. Remove "public" download feature. 2018-10-08T16:53:35+00:00 Jeff Sharkey jsharkey@android.com 2018-07-09T18:16:26+00:00 a137d3acc33bb1188cd92eb449b72bc1153b8bce It was never a supported API, and has been reported as causing security issues, so remove it. Bug: 111084083 Test: builds Change-Id: I26345b192ffd55216bb8c8fdb82cb5869d68d3db (cherry picked from commit 35e123117be9ec5d61dbaea60f6eac06c0e80dc4) 
It was never a supported API, and has been reported as causing
security issues, so remove it.

Bug: 111084083
Test: builds
Change-Id: I26345b192ffd55216bb8c8fdb82cb5869d68d3db
(cherry picked from commit 35e123117be9ec5d61dbaea60f6eac06c0e80dc4)
DO NOT MERGE Deleting downloads for removed uids on downloadprovider start 2017-07-06T19:55:55+00:00 Suprabh Shukla suprabh@google.com 2017-02-27T23:56:11+00:00 a31cffb3f9a7bb67259c6c2d1f712420de17d891 After uninstalling an app, if the system was shutdown before the download provider received the broadcast for UID_REMOVED, another app installed later in the same uid might be able to gain access to the files downloaded by this app. Removing any such hanging downloads at the start up of the download provider should fix this issue. Test: Manually tested by uninstalling an app and killing and restarting the process android.process.media, to check that the downloaded files of the uninstalled app were deleted. Bug:22011579 Merged in: I7382c4846f99035b40412a01715aee5873efa9e6 AOSP-Change-Id: I7382c4846f99035b40412a01715aee5873efa9e6 (cherry picked from commit 2ab9a2d15c63cd567805adb8fa4b9c524afc5ceb) (cherry picked from commit 3b15466b3cb6207660a73d1cea44a2d018ada23f) CVE-2017-0668 Change-Id: I8c5fee862185b958a539c7489443480c5c65ace6 
After uninstalling an app, if the system was shutdown before the
download provider received the broadcast for UID_REMOVED, another app
installed later in the same uid might be able to gain access to the
files downloaded by this app. Removing any such hanging downloads
at the start up of the download provider should fix this issue.

Test: Manually tested by uninstalling an app and killing and restarting
the process android.process.media, to check that the downloaded files of
the uninstalled app were deleted.

Bug:22011579

Merged in: I7382c4846f99035b40412a01715aee5873efa9e6
AOSP-Change-Id: I7382c4846f99035b40412a01715aee5873efa9e6
(cherry picked from commit 2ab9a2d15c63cd567805adb8fa4b9c524afc5ceb)
(cherry picked from commit 3b15466b3cb6207660a73d1cea44a2d018ada23f)

CVE-2017-0668

Change-Id: I8c5fee862185b958a539c7489443480c5c65ace6
Merge tag 'android-6.0.1_r74' into HEAD 2016-11-09T19:59:20+00:00 Jessica Wagantall jwagantall@cyngn.com 2016-11-08T23:13:04+00:00 2e7c3155e8a61c32f9424574076cbce6bbd3479b CYNGNOS-3303 Android 6.0.1 release 74 Change-Id: Ie2ad785b1e3682814c8779cf52662bd8a4e03fcb 
CYNGNOS-3303

Android 6.0.1 release 74

Change-Id: Ie2ad785b1e3682814c8779cf52662bd8a4e03fcb
Merge tag 'android-6.0.1_r72' into HEAD 2016-10-06T18:50:34+00:00 Jessica Wagantall jwagantall@cyngn.com 2016-10-06T18:50:34+00:00 b25fddceb712fc26f7b2eb67ef34e73935cc1182 Android 6.0.1 Release 72 (M4B30X) # gpg: Signature made Tue 04 Oct 2016 09:47:45 AM PDT using DSA key ID 9AB10E78 # gpg: Can't check signature: public key not found 
Android 6.0.1 Release 72 (M4B30X)

# gpg: Signature made Tue 04 Oct 2016 09:47:45 AM PDT using DSA key ID 9AB10E78
# gpg: Can't check signature: public key not found
Enforce calling identity before clearing. 2016-09-27T22:59:20+00:00 Jeff Sharkey jsharkey@android.com 2016-09-16T18:12:17+00:00 1f66449c3bd4328116b2b2377f1a2d284e669578 When opening a downloaded file, enforce that the caller can actually see the requested download before clearing their identity to read internal columns. However, this means that we can no longer return the "my_downloads" paths: if those Uris were shared beyond the app that requested the download, access would be denied. Instead, we need to switch to using "all_downloads" Uris so that permission grants can be issued to third-party viewer apps. Since an app requesting a download doesn't normally have permission to "all_downloads" paths, we issue narrow grants toward the owner of each download, both at device boot and when new downloads are started. Bug: 30537115, 30945409 Change-Id: If944aada020878a91c363963728d0da9f6fae3ea (cherry picked from commit 7c1af8c62c8bdf6e8de5a00c1927daf9fd9c03d1) 
When opening a downloaded file, enforce that the caller can actually
see the requested download before clearing their identity to read
internal columns.

However, this means that we can no longer return the "my_downloads"
paths: if those Uris were shared beyond the app that requested the
download, access would be denied.  Instead, we need to switch to
using "all_downloads" Uris so that permission grants can be issued
to third-party viewer apps.

Since an app requesting a download doesn't normally have permission
to "all_downloads" paths, we issue narrow grants toward the owner of
each download, both at device boot and when new downloads are
started.

Bug: 30537115, 30945409
Change-Id: If944aada020878a91c363963728d0da9f6fae3ea
(cherry picked from commit 7c1af8c62c8bdf6e8de5a00c1927daf9fd9c03d1)
Revert "Enforce calling identity before clearing." 2016-08-26T23:16:38+00:00 Adam Seaton aseaton@google.com 2016-08-26T21:13:20+00:00 3f2cf47caf2cb2eafcf94bf127098e1179b7325e This reverts commit 8be3a92eb0b4105a9ed748be5a937ce79145f565. Change-Id: I10401d57239b868f8e3514f81a0e20486838e29c (cherry picked from commit b440ceb00fd46c9233723066c680a538067fbf82) 
This reverts commit 8be3a92eb0b4105a9ed748be5a937ce79145f565.

Change-Id: I10401d57239b868f8e3514f81a0e20486838e29c
(cherry picked from commit b440ceb00fd46c9233723066c680a538067fbf82)
Enforce calling identity before clearing. 2016-08-26T18:59:56+00:00 Jeff Sharkey jsharkey@android.com 2016-08-01T16:24:24+00:00 092d6da1fd5ef6b0aac65b8e6249700cf4867815 When opening a downloaded file, enforce that the caller can actually see the requested download before clearing their identity to read internal columns. Bug: 30537115 Change-Id: I01bbad7997e5e908bfb19f5d576860a24f59f295 (cherry picked from commit 8be3a92eb0b4105a9ed748be5a937ce79145f565) 
When opening a downloaded file, enforce that the caller can actually
see the requested download before clearing their identity to read
internal columns.

Bug: 30537115
Change-Id: I01bbad7997e5e908bfb19f5d576860a24f59f295
(cherry picked from commit 8be3a92eb0b4105a9ed748be5a937ce79145f565)
Enforce calling identity before clearing. 2016-08-26T04:56:28+00:00 Jeff Sharkey jsharkey@android.com 2016-08-01T16:24:24+00:00 6f753b39e4fb69280a3ef013e37dc88398975489 When opening a downloaded file, enforce that the caller can actually see the requested download before clearing their identity to read internal columns. Bug: 30537115 Change-Id: I01bbad7997e5e908bfb19f5d576860a24f59f295 (cherry picked from commit 8be3a92eb0b4105a9ed748be5a937ce79145f565) 
When opening a downloaded file, enforce that the caller can actually
see the requested download before clearing their identity to read
internal columns.

Bug: 30537115
Change-Id: I01bbad7997e5e908bfb19f5d576860a24f59f295
(cherry picked from commit 8be3a92eb0b4105a9ed748be5a937ce79145f565)
Merge tag 'android-6.0.1_r24' into HEAD 2016-04-05T19:31:45+00:00 Jessica Wagantall jwagantall@cyngn.com 2016-04-05T19:31:45+00:00 4414650785758b04b48ab90be296e858dc730160 Ticket: CYNGNOS-2213 Android 6.0.1 release 24 
Ticket: CYNGNOS-2213
Android 6.0.1 release 24
DO NOT MERGE. Use resolved path when inserting and deleting. 2016-03-01T23:26:56+00:00 Jeff Sharkey jsharkey@android.com 2016-02-16T23:10:32+00:00 e74ee404073426ec7d223bee37c9a3de334dffd9 This avoids a race condition where someone can change a symlink target after the security checks have passed. Bug: 26211054 Change-Id: I03b06b746fde5d08d6b61a7011bdace0b4e9fa77 
This avoids a race condition where someone can change a symlink
target after the security checks have passed.

Bug: 26211054
Change-Id: I03b06b746fde5d08d6b61a7011bdace0b4e9fa77