diff options
author | Jeff Sharkey <jsharkey@android.com> | 2016-09-16 12:12:17 -0600 |
---|---|---|
committer | Jeff Sharkey <jsharkey@android.com> | 2016-09-16 12:18:36 -0600 |
commit | 7c1af8c62c8bdf6e8de5a00c1927daf9fd9c03d1 (patch) | |
tree | d9f5d59b900e8bb7662d1ef7e36f394ac5fb8518 /tests | |
parent | b440ceb00fd46c9233723066c680a538067fbf82 (diff) | |
download | android_packages_providers_DownloadProvider-7c1af8c62c8bdf6e8de5a00c1927daf9fd9c03d1.tar.gz android_packages_providers_DownloadProvider-7c1af8c62c8bdf6e8de5a00c1927daf9fd9c03d1.tar.bz2 android_packages_providers_DownloadProvider-7c1af8c62c8bdf6e8de5a00c1927daf9fd9c03d1.zip |
Enforce calling identity before clearing.
When opening a downloaded file, enforce that the caller can actually
see the requested download before clearing their identity to read
internal columns.
However, this means that we can no longer return the "my_downloads"
paths: if those Uris were shared beyond the app that requested the
download, access would be denied. Instead, we need to switch to
using "all_downloads" Uris so that permission grants can be issued
to third-party viewer apps.
Since an app requesting a download doesn't normally have permission
to "all_downloads" paths, we issue narrow grants toward the owner of
each download, both at device boot and when new downloads are
started.
Bug: 30537115, 30945409
Change-Id: If944aada020878a91c363963728d0da9f6fae3ea
Diffstat (limited to 'tests')
0 files changed, 0 insertions, 0 deletions