diff options
| author | Jeff Sharkey <jsharkey@android.com> | 2016-09-16 12:12:17 -0600 |
|---|---|---|
| committer | Jessica Wagantall <jwagantall@cyngn.com> | 2016-11-16 15:19:44 -0700 |
| commit | 53b9b1b1e105961b8c207ebe208f9d09a676ec48 (patch) | |
| tree | 62c0a05b2884e9af8bfd5041afb46e5e201fdef0 /src/com/android/providers/downloads/DownloadReceiver.java | |
| parent | e2092b0fd4b706e3d575d6e225a1ecbc71dabb8f (diff) | |
| download | android_packages_providers_DownloadProvider-stable/cm-12.1-YOG7D.tar.gz android_packages_providers_DownloadProvider-stable/cm-12.1-YOG7D.tar.bz2 android_packages_providers_DownloadProvider-stable/cm-12.1-YOG7D.zip | |
Enforce calling identity before clearing.stable/cm-12.1-YOG7D
When opening a downloaded file, enforce that the caller can actually
see the requested download before clearing their identity to read
internal columns.
However, this means that we can no longer return the "my_downloads"
paths: if those Uris were shared beyond the app that requested the
download, access would be denied. Instead, we need to switch to
using "all_downloads" Uris so that permission grants can be issued
to third-party viewer apps.
Since an app requesting a download doesn't normally have permission
to "all_downloads" paths, we issue narrow grants toward the owner of
each download, both at device boot and when new downloads are
started.
CYNGNOS-3303
Bug: 30537115, 30945409
Change-Id: If944aada020878a91c363963728d0da9f6fae3ea
(cherry picked from commit 7c1af8c62c8bdf6e8de5a00c1927daf9fd9c03d1)
(cherry picked from commit 2e51b3279a3b1e7cbd467c81bfe09b431b248cab)
Diffstat (limited to 'src/com/android/providers/downloads/DownloadReceiver.java')
0 files changed, 0 insertions, 0 deletions