diff options
Diffstat (limited to 'src/com/android/providers/downloads/DownloadProvider.java')
-rw-r--r-- | src/com/android/providers/downloads/DownloadProvider.java | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/src/com/android/providers/downloads/DownloadProvider.java b/src/com/android/providers/downloads/DownloadProvider.java index 48350f6a..59e753e5 100644 --- a/src/com/android/providers/downloads/DownloadProvider.java +++ b/src/com/android/providers/downloads/DownloadProvider.java @@ -177,7 +177,6 @@ public final class DownloadProvider extends ContentProvider { /** List of uids that can access the downloads */ private int mSystemUid = -1; private int mDefContainerUid = -1; - private File mDownloadsDataDir; @VisibleForTesting SystemFacade mSystemFacade; @@ -463,7 +462,6 @@ public final class DownloadProvider extends ContentProvider { // saves us by getting some initialization code in DownloadService out of the way. Context context = getContext(); context.startService(new Intent(context, DownloadService.class)); - mDownloadsDataDir = StorageManager.getDownloadDataDirectory(getContext()); return true; } @@ -534,7 +532,7 @@ public final class DownloadProvider extends ContentProvider { // validate the destination column Integer dest = values.getAsInteger(Downloads.Impl.COLUMN_DESTINATION); if (dest != null) { - if (getContext().checkCallingPermission(Downloads.Impl.PERMISSION_ACCESS_ADVANCED) + if (getContext().checkCallingOrSelfPermission(Downloads.Impl.PERMISSION_ACCESS_ADVANCED) != PackageManager.PERMISSION_GRANTED && (dest == Downloads.Impl.DESTINATION_CACHE_PARTITION || dest == Downloads.Impl.DESTINATION_CACHE_PARTITION_NOROAMING @@ -545,7 +543,7 @@ public final class DownloadProvider extends ContentProvider { // for public API behavior, if an app has CACHE_NON_PURGEABLE permission, automatically // switch to non-purgeable download boolean hasNonPurgeablePermission = - getContext().checkCallingPermission( + getContext().checkCallingOrSelfPermission( Downloads.Impl.PERMISSION_CACHE_NON_PURGEABLE) == PackageManager.PERMISSION_GRANTED; if (isPublicApi && dest == Downloads.Impl.DESTINATION_CACHE_PARTITION_PURGEABLE @@ -632,7 +630,7 @@ public final class DownloadProvider extends ContentProvider { copyString(Downloads.Impl.COLUMN_REFERER, values, filteredValues); // UID, PID columns - if (getContext().checkCallingPermission(Downloads.Impl.PERMISSION_ACCESS_ADVANCED) + if (getContext().checkCallingOrSelfPermission(Downloads.Impl.PERMISSION_ACCESS_ADVANCED) == PackageManager.PERMISSION_GRANTED) { copyInteger(Downloads.Impl.COLUMN_OTHER_UID, values, filteredValues); } @@ -1121,7 +1119,7 @@ public final class DownloadProvider extends ContentProvider { selection.appendClause(Downloads.Impl._ID + " = ?", getDownloadIdFromUri(uri)); } if ((uriMatch == MY_DOWNLOADS || uriMatch == MY_DOWNLOADS_ID) - && getContext().checkCallingPermission(Downloads.Impl.PERMISSION_ACCESS_ALL) + && getContext().checkCallingOrSelfPermission(Downloads.Impl.PERMISSION_ACCESS_ALL) != PackageManager.PERMISSION_GRANTED) { selection.appendClause( Constants.UID + "= ? OR " + Downloads.Impl.COLUMN_OTHER_UID + "= ?", @@ -1137,7 +1135,9 @@ public final class DownloadProvider extends ContentProvider { public int delete(final Uri uri, final String where, final String[] whereArgs) { - Helpers.validateSelection(where, sAppReadableColumnsSet); + if (shouldRestrictVisibility()) { + Helpers.validateSelection(where, sAppReadableColumnsSet); + } SQLiteDatabase db = mOpenHelper.getWritableDatabase(); int count; @@ -1203,11 +1203,12 @@ public final class DownloadProvider extends ContentProvider { if (path == null) { throw new FileNotFoundException("No filename found."); } - if (!Helpers.isFilenameValid(path, mDownloadsDataDir)) { - throw new FileNotFoundException("Invalid filename: " + path); - } final File file = new File(path); + if (!Helpers.isFilenameValid(getContext(), file)) { + throw new FileNotFoundException("Invalid file: " + file); + } + if ("r".equals(mode)) { return ParcelFileDescriptor.open(file, ParcelFileDescriptor.MODE_READ_ONLY); } else { |