author | Jeff Sharkey <jsharkey@android.com> | 2016-08-01 10:24:24 -0600 |
---|---|---|
committer | gitbuildkicker <android-build@google.com> | 2016-08-25 21:56:28 -0700 |
commit | 6f753b39e4fb69280a3ef013e37dc88398975489 (patch) | |
tree | 9bc40c0ce124f8f3958b3ac75aca9fd712e757fa | |
parent | ff562d068d5a3a41999aada06ed46994d8f6efb4 (diff) | |
Enforce calling identity before clearing.
When opening a downloaded file, enforce that the caller can actually
see the requested download before clearing their identity to read
internal columns.
Bug: 30537115
Change-Id: I01bbad7997e5e908bfb19f5d576860a24f59f295
(cherry picked from commit 8be3a92eb0b4105a9ed748be5a937ce79145f565)
-rw-r--r-- | src/com/android/providers/downloads/DownloadProvider.java | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/com/android/providers/downloads/DownloadProvider.java b/src/com/android/providers/downloads/DownloadProvider.java
index d9acc789..667a81df 100644
--- a/src/com/android/providers/downloads/DownloadProvider.java
+++ b/src/com/android/providers/downloads/DownloadProvider.java
@@ -1232,6 +1232,19 @@ public final class DownloadProvider extends ContentProvider {
 logVerboseOpenFileInfo(uri, mode);
 }
+ // Perform normal query to enforce caller identity access before
+ // clearing it to reach internal-only columns
+ final Cursor probeCursor = query(uri, new String[] {
+ Downloads.Impl._DATA }, null, null, null);
+ try {
+ if ((probeCursor == null) || (probeCursor.getCount() == 0)) {
+ throw new FileNotFoundException(
+ "No file found for " + uri + " as UID " + Binder.getCallingUid());
+ }
+ } finally {
+ IoUtils.closeQuietly(probeCursor);
+ }
+
 final Cursor cursor = queryCleared(uri, new String[] { Downloads.Impl._DATA, Downloads.Impl.COLUMN_STATUS, Downloads.Impl.COLUMN_DESTINATION, Downloads.Impl.COLUMN_MEDIA_SCANNED }, null, |
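Review bot: The two-line comment above `probeCursor` does not record the invariant that makes this check effective: the probe has to run under the caller's own Binder identity and has to stay ahead of `queryCleared(...)`. A later refactor that reorders the two queries, or moves the probe inside a cleared-identity section, would compile cleanly and silently drop the access check. I would extend the comment to something like `// SECURITY: must run as the calling UID and before queryCleared(); do not reorder or wrap in a cleared-identity block`. The commit changes only this file, so nothing exercises the new branch; a test in which one UID opens another UID's download URI and expects `FileNotFoundException` would pin the behaviour. The enclosing method starts and ends outside the hunk, so whether any other path reaches `queryCleared` without a probe cannot be judged from here.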