author | Steve Howard <showard@google.com> | 2010-09-12 18:53:31 -0700 |
---|---|---|
committer | Steve Howard <showard@google.com> | 2010-09-14 19:00:40 -0700 |
commit | 3d55d829c03fe78ad8cdab119293efb6c6e49c64 (patch) | |
tree | fb8feb9c23b83108546048b0488033279de63635 /AndroidManifest.xml | |
parent | 33671e9c1e9ffa3776ed987bddeb70a04daa7cfe (diff) | |
New URI structure with "my_downloads" and "all_downloads"

This change introduces a second view into the download manager
database via a set of URIs starting with /all_downloads, renaming the
original /download URIs to /my_downloads. In addition to making
things more clear, this change allows the downloads UI to grant
permissions on individual downloads to viewer apps.

The old semantics were:

* for ordinary callers, /download included only downloads initiated by
  the calling UID
* for intraprocess calls or calls by root, /download included all
  downloads

The new semantics are:

* /my_downloads always includes only downloads initiated by the
  calling UID, and requires only INTERNET permission. It could just
  as well require no permission, but that's not possible in the
  framework, since path-permissions can only broaden access, not
  tighten it. It doesn't matter, because these URIs are useless
  without INTERNET permission -- if a user can't initiate downloads,
  there's no reason to read this.
* /all_downloads always includes all downloads on the system, and
  requires the new permission ACCESS_ALL_DOWNLOADS. This permission
  is currently protectionLevel=signature -- this could be relaxed
  later to support third-party download managers.

All download manager code has been changed to use /all_downloads URIs,
except when passing a URI to another app. In making this change
across the download manager code, I've taken some liberties in
cleaning things up. Other apps are unchanged and will use
/my_downloads.

Finally, this incorporates changes to DownloadManager to return a
content URI for /cache downloads -- the download UI no longer assumes
it's a file URI, and it grants permissions to the receiver of the VIEW
intent. The public API test has also been updated.

I've also fixed some null cursor checking in DownloadManager.

Change-Id: I05a501eb4388249fe80c43724405657c950d7238

Diffstat (limited to 'AndroidManifest.xml')
-rw-r--r-- | AndroidManifest.xml | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/AndroidManifest.xml b/AndroidManifest.xml index 8431d1ed..9da6fc80 100644 --- a/AndroidManifest.xml +++ b/AndroidManifest.xml @@ -33,6 +33,14 @@ android:description="@string/permdesc_downloadWithoutNotification" android:protectionLevel="signatureOrSystem"/> + <!-- Allows an app to access all downloads in the system via the /all_downloads/ URIs. The + protection level could be relaxed in the future to support third-party download + managers. --> + <permission android:name="android.permission.ACCESS_ALL_DOWNLOADS" + android:label="@string/permlab_accessAllDownloads" + android:description="@string/permdesc_accessAllDownloads" + android:protectionLevel="signature"/> + <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" /> <uses-permission android:name="android.permission.ACCESS_DOWNLOAD_MANAGER" /> <uses-permission android:name="android.permission.ACCESS_DRM" /> 
@@ -42,11 +50,21 @@ <uses-permission android:name="android.permission.INTERNET" /> <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" /> <uses-permission android:name="android.permission.INSTALL_DRM" /> + <uses-permission android:name="android.permission.ACCESS_ALL_DOWNLOADS" /> <application android:process="android.process.media" android:label="@string/app_label"> <provider android:name=".DownloadProvider" - android:authorities="downloads" /> + android:authorities="downloads" + android:permission="android.permission.ACCESS_ALL_DOWNLOADS"> + <!-- Anyone can access /my_downloads, the provider internally restricts access by UID for + these URIs --> + <path-permission android:pathPrefix="/my_downloads" + android:permission="android.permission.INTERNET"/> + <!-- Apps with access to /all_downloads/... can grant permissions, allowing them to share + downloaded files with other viewers --> + <grant-uri-permission android:pathPrefix="/all_downloads/"/> + </provider> <service android:name=".DownloadService" android:permission="android.permission.ACCESS_DOWNLOAD_MANAGER" /> <receiver android:name=".DownloadReceiver" android:exported="false"> |
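Review bot: In the first hunk (@@ -33,6 +33,14 @@), the comment on the new `android.permission.ACCESS_ALL_DOWNLOADS` declaration describes it only as access "via the /all_downloads/ URIs", but the second hunk sets it as the provider-wide `android:permission`, which applies to both read and write and to every path not covered by a `path-permission`. Please have the comment say that the permission is the provider's default read/write gate, so that a later move away from `android:protectionLevel="signature"` (which the comment anticipates) is reviewed with that scope in mind. It would also help to note why this one is `signature` while the declaration directly above it in the context lines uses `signatureOrSystem`.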
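Review bot: In the second hunk (@@ -42,11 +50,21 @@), the two prefixes are written inconsistently: `android:pathPrefix="/my_downloads"` has no trailing slash while the grant uses `android:pathPrefix="/all_downloads/"`. Prefix matching is a plain string prefix, so the `path-permission` also covers any path that merely begins with `/my_downloads`, and the INTERNET-only gate applies there too; either confirm the provider's URI matching rejects such paths or add a short comment saying the slash-less form is deliberate to include the collection URI. Separately, the comment "the provider internally restricts access by UID" carries the whole security argument for this entry, since `android:permission` on a `path-permission` grants write as well as read. The enforcing code is not in this manifest-only diff, so the comment should name where that UID filter is applied and state that it covers update, delete and file-open paths as well as query.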