path: root/src/com/android/providers/downloads/DownloadProvider.java
Commit message (Author, Age, Files, Lines)
* Deleting downloads for removed uids on downloadprovider start (Suprabh Shukla, 2017-03-07, files: 1, lines: -10/+45)
| After uninstalling an app, if the system was shut down before the download provider received the broadcast for UID_REMOVED, another app installed later in the same uid might be able to gain access to the files downloaded by this app. Removing any such hanging downloads at the start up of the download provider should fix this issue. Test: Manually tested by uninstalling an app and killing and restarting the process android.process.media, to check that the downloaded files of the uninstalled app were deleted. Bug:22011579 Change-Id: I7382c4846f99035b40412a01715aee5873efa9e6
* Only send DOWNLOAD_COMPLETE broadcast once. (Jeff Sharkey, 2016-10-14, files: 1, lines: -10/+25)
| Apps might end up confused if we tell them a download was completed multiple times, so only send the broadcast exactly once when we transition it into a "completed" state, either during an update() or a delete() operation. Test: verified single broadcast with test app Bug: 31619480 Change-Id: I0b9139ea0e37f6d212b84314048692cd0c4f9cdf
* Merge commit '010fc1856c23d5a15a6e42e334b0fdc7986f7f30' into ↵ (Jeff Sharkey, 2016-09-17, files: 1, lines: -0/+44)
|\ manual_merge_010fc18 am: e2c5d91b95 Change-Id: I5d3b829662449cc6068501c0cdf0f6b7bc67a8e5
| * Merge commit '010fc1856c23d5a15a6e42e334b0fdc7986f7f30' into ↵ (Jeff Sharkey, 2016-09-16, files: 1, lines: -0/+44)
| |\ manual_merge_010fc18 Change-Id: I2fa7bbc82985a294564a072650f9e8472dae9694
| | * Merge commit '40238b9a601d58d2b4f88da7b14823e8c0340bc6' into ↵ (Jeff Sharkey, 2016-09-16, files: 1, lines: -0/+44)
| | |\ manual_merge_40238b9 Change-Id: I0d8441c4bae392726e7d41c77b1d9ac5eda1c09c
| | | * Enforce calling identity before clearing. am: 7c1af8c62c am: 47dcd095ea am: ↵ (Jeff Sharkey, 2016-09-16, files: 1, lines: -0/+44)
| | | |\ 51033d49f6 am: 9bbd21ff0c am: 0bd9e49a06 am: 73721ade0d am: 36b9c38a53 Change-Id: I53525f314f5ebc659e26c972c62517833ea03e19
| | | | * Enforce calling identity before clearing. am: 7c1af8c62c am: 47dcd095ea am: ↵ (Jeff Sharkey, 2016-09-16, files: 1, lines: -0/+44)
| | | | |\ 51033d49f6 am: 9bbd21ff0c Change-Id: I5f09670f0629addb5fa847799184716020234f35
| | | | | * Enforce calling identity before clearing. (Jeff Sharkey, 2016-09-16, files: 1, lines: -0/+44)
| | | | | | When opening a downloaded file, enforce that the caller can actually see the requested download before clearing their identity to read internal columns. However, this means that we can no longer return the "my_downloads" paths: if those Uris were shared beyond the app that requested the download, access would be denied. Instead, we need to switch to using "all_downloads" Uris so that permission grants can be issued to third-party viewer apps. Since an app requesting a download doesn't normally have permission to "all_downloads" paths, we issue narrow grants toward the owner of each download, both at device boot and when new downloads are started. Bug: 30537115, 30945409 Change-Id: If944aada020878a91c363963728d0da9f6fae3ea
| * | | | | DO NOT MERGE. Send "completed" broadcast if download cancelled. (Jeff Sharkey, 2016-08-31, files: 1, lines: -10/+17)
| |\ \ \ \ \ am: c0496a0b0b Change-Id: I19d55af382ab6eb4ad080c402139eaf4df695ace
| | * | | | | DO NOT MERGE. Send "completed" broadcast if download cancelled. (Jeff Sharkey, 2016-08-31, files: 1, lines: -10/+17)
| | |/ / / / When a download is deleted, we may not have an active thread, so always send the broadcast from the provider. If an active thread encounters a deleted download, skip sending the broadcast twice. Change-Id: If8d5b99a1b7232bb64c6d11f22fdb4f5d6dbbfec Test: none Bug: 30883889 (cherry picked from commit efb1ac6b49692e62fde6830c3d20953c8632d2ba)
| * / / / / DO NOT MERGE. Update notifications when deleting downloads. (Jeff Sharkey, 2016-08-31, files: 1, lines: -0/+6)
| |/ / / / Otherwise we end up leaving stale notifications around after the underlying download was deleted. Change-Id: Ie262a9dd369034de6c06be28b0eedc4231ea2e75 Test: none Bug: 30697605 (cherry picked from commit 3b7e099588a2697305fd52c342f404a03ec9a9ab)
* | | | | Revert "Enforce calling identity before clearing." am: b440ceb00f am: ↵ (Adam Seaton, 2016-08-26, files: 1, lines: -13/+0)
|\| | | | 6777320335 am: a474af3a08 am: 8bec536bf2 am: 34ccbd80ea am: 956426bee5 am: 6a6944d1f4 am: 8e8770bdc8 am: 85a6e20a85 am: 29c0025ae0 am: 9e119a0c29 Change-Id: Ic8495c5744b3acd16ae2d63be103279a2621411c
| * | | | Revert "Enforce calling identity before clearing." am: b440ceb00f am: ↵ (Adam Seaton, 2016-08-26, files: 1, lines: -13/+0)
| |\| | | 6777320335 am: a474af3a08 am: 8bec536bf2 am: 34ccbd80ea am: 956426bee5 am: 6a6944d1f4 am: 8e8770bdc8 Change-Id: I208036cd66780728f627cd11b2514eeb03c74800
| | * | | Revert "Enforce calling identity before clearing." am: b440ceb00f am: ↵ (Adam Seaton, 2016-08-26, files: 1, lines: -13/+0)
| | |\| | 6777320335 am: a474af3a08 am: 8bec536bf2 am: 34ccbd80ea am: 956426bee5 am: 6a6944d1f4 Change-Id: Ib01cab89347d96c44478e51a27ef2cf17e1e7b2d
| | | * | Revert "Enforce calling identity before clearing." am: b440ceb00f am: ↵ (Adam Seaton, 2016-08-26, files: 1, lines: -13/+0)
| | | |\| 6777320335 am: a474af3a08 am: 8bec536bf2 Change-Id: I81ea34a6f1cdaa438af6397651d7374628d44eff
| | | | * Revert "Enforce calling identity before clearing." (Adam Seaton, 2016-08-26, files: 1, lines: -13/+0)
| | | | | This reverts commit 8be3a92eb0b4105a9ed748be5a937ce79145f565. Change-Id: I10401d57239b868f8e3514f81a0e20486838e29c
* | | | | Merge "Send "completed" broadcast if download cancelled." (TreeHugger Robot, 2016-08-23, files: 1, lines: -10/+17)
|\ \ \ \ \
| * | | | | Send "completed" broadcast if download cancelled. (Jeff Sharkey, 2016-08-23, files: 1, lines: -10/+17)
| | | | | | When a download is deleted, we may not have an active thread, so always send the broadcast from the provider. If an active thread encounters a deleted download, skip sending the broadcast twice. Change-Id: If8d5b99a1b7232bb64c6d11f22fdb4f5d6dbbfec Test: none Bug: 30883889
* | | | | | Update notifications when deleting downloads. (Jeff Sharkey, 2016-08-23, files: 1, lines: -0/+6)
|/ / / / / Otherwise we end up leaving stale notifications around after the underlying download was deleted. Change-Id: Ie262a9dd369034de6c06be28b0eedc4231ea2e75 Test: none Bug: 30697605
* | | | | Enforce calling identity before clearing. am: 8be3a92eb0 am: ec19fe6485 am: ↵ (Jeff Sharkey, 2016-08-09, files: 1, lines: -0/+13)
|\| | | | b3ce7976f2 am: 860239d87e am: 616f47abce am: a9ea617232 am: 567e549614 am: 14ae5650e4 am: 80ab64c562 am: 77b7d90939 am: 7bd19160b1 Change-Id: I5f041155cf85feb81db55f2b23868754f270ac4d
| * | | | Enforce calling identity before clearing. am: 8be3a92eb0 am: ec19fe6485 am: ↵ (Jeff Sharkey, 2016-08-09, files: 1, lines: -0/+13)
| |\| | | b3ce7976f2 am: 860239d87e am: 616f47abce am: a9ea617232 am: 567e549614 am: 14ae5650e4 Change-Id: I3688aa1ad8e48901b321823f03636bbd55d76780
| | * | | Enforce calling identity before clearing. am: 8be3a92eb0 am: ec19fe6485 am: ↵ (Jeff Sharkey, 2016-08-09, files: 1, lines: -0/+13)
| | |\| | b3ce7976f2 am: 860239d87e am: 616f47abce am: a9ea617232 am: 567e549614 Change-Id: I47ae3c7cfa1e3f6239d95697cf641c8d498a4e60
| | | * | Enforce calling identity before clearing. am: 8be3a92eb0 am: ec19fe6485 am: ↵ (Jeff Sharkey, 2016-08-09, files: 1, lines: -0/+13)
| | | |\| b3ce7976f2 am: 860239d87e Change-Id: Ic62206ad61c81da00eb57679211c140ce7053032
| | | | * Enforce calling identity before clearing. (Jeff Sharkey, 2016-08-01, files: 1, lines: -0/+13)
| | | | | When opening a downloaded file, enforce that the caller can actually see the requested download before clearing their identity to read internal columns. Bug: 30537115 Change-Id: I01bbad7997e5e908bfb19f5d576860a24f59f295
| | | | * Use resolved path for both checking and opening. (Jeff Sharkey, 2016-01-14, files: 1, lines: -2/+8)
| | | | | This avoids a race condition where someone can change a symlink target after the security checks have passed. Bug: 26211054 Change-Id: I5842aaecc7b7d417a3b1902957b59b8a1f3c1ccb
| | | * | DO NOT MERGE. Use resolved path when inserting and deleting. (Jeff Sharkey, 2016-02-16, files: 1, lines: -5/+15)
| | | | | This avoids a race condition where someone can change a symlink target after the security checks have passed. Bug: 26211054 Change-Id: I40ed6d2298e4b66b4f7a055e68d9820515adf351
| | | * | Use resolved path for both checking and opening. (Jeff Sharkey, 2016-01-14, files: 1, lines: -2/+8)
| | | | | This avoids a race condition where someone can change a symlink target after the security checks have passed. Bug: 26211054 Change-Id: I5842aaecc7b7d417a3b1902957b59b8a1f3c1ccb
| | * | | Merge "DO NOT MERGE. Use resolved path when inserting and deleting." into ↵ (Jeff Sharkey, 2016-02-18, files: 1, lines: -5/+15)
| | |\ \ \ mnc-dr1.5-dev
| | | * | | DO NOT MERGE. Use resolved path when inserting and deleting. (Jeff Sharkey, 2016-02-16, files: 1, lines: -5/+15)
| | | | | | This avoids a race condition where someone can change a symlink target after the security checks have passed. Bug: 26211054 Change-Id: I03b06b746fde5d08d6b61a7011bdace0b4e9fa77
* | | | | | Clear identity when deleting scanned entry. am: 01dee86505 am: d8fc87e08e (Jeff Sharkey, 2016-06-28, files: 1, lines: -2/+7)
|\| | | | | am: 7dda783c24 Change-Id: I26c1c681d83ad21b2dc79586ab7768abf18dc577
| * | | | | Clear identity when deleting scanned entry. (Jeff Sharkey, 2016-06-28, files: 1, lines: -2/+7)
| | | | | | When deleting a file from DownloadManager, we also reach over and clean up any scanned MediaStore entries. However, DownloadManager clients may not hold the WRITE_EXTERNAL_STORAGE permission, such as when they downloaded a file into their package-specific directories. The safest fix for now is to clear the calling identity and always clean up the MediaStore entries ourselves, since DownloadProvider always holds the required storage permission. Bug: 29777504 Change-Id: Iea8f5696410010807b118bb56e5b897c53f0e1fe
* | | | | | Enable search for Downloads. (Ben Lin, 2016-05-10, files: 1, lines: -3/+5)
|/ / / / / Bug: 26524617 Change-Id: Ide23c822b97ccab29a341184f14698dc942e8e14
* | | | | Scan completed downloads when requested. (Jeff Sharkey, 2016-05-09, files: 1, lines: -0/+10)
| | | | | The recent JobScheduler rewrite means we no longer spin up a service when inserting an already-completed download. However, the calling app may have requested the download to be scanned, so kick off a scan request for them. Bug: 28659693 Change-Id: I497e10995ba04f1522fe8d7e547ebea6e305f6e9
* | | | | Move DownloadManager to use JobScheduler. (Jeff Sharkey, 2016-04-25, files: 1, lines: -48/+62)
| | | | | JobScheduler is in a much better position to coordinate tasks across the platform to optimize battery and RAM usage. This change removes a bunch of manual scheduling logic by representing each download as a separate job with relevant scheduling constraints. Requested network types, retry backoff timing, and newly added charging and idle constraints are plumbed through as job parameters. When a job times out, we halt the download and schedule it to resume later. The majority of downloads should have ETag values to enable resuming like this. Remove local wakelocks, since the platform now acquires and blames our jobs on the requesting app. When an active download is pushing updates to the database, check for both paused and cancelled state to quickly halt an ongoing download. Shift DownloadNotifier to update directly based on a Cursor, since we no longer have the overhead of fully-parsed DownloadInfo objects. Unify a handful of worker threads into a single shared thread. Remove legacy "large download" activity that was thrown in the face of the user; the UX best-practice is to go through notification, and update that dialog to let the user override and continue if under the hard limit. Bug: 28098882, 26571724 Change-Id: I33ebe59b3c2ea9c89ec526f70b1950c734abc4a7
* | | | | Use resolved path for both checking and opening. (Jeff Sharkey, 2016-02-08, files: 1, lines: -6/+22)
|/ / / / This avoids a race condition where someone can change a symlink target after the security checks have passed. Bug: 26211054 Change-Id: I5e1a2343d631109c21a4c5b2d8d00b2946756680
* / / / Revert "Use resolved path for both checking and opening." (Jeff Sharkey, 2016-01-22, files: 1, lines: -8/+2)
|/ / / This reverts commit 366af2ee1f841615d44ab770b537112d769eed05. Change-Id: Id1155425ebcae23be8ce3916f19dda82eee992c4
* / / Use resolved path for both checking and opening. (Jeff Sharkey, 2016-01-14, files: 1, lines: -2/+8)
|/ / This avoids a race condition where someone can change a symlink target after the security checks have passed. Bug: 26211054 Change-Id: I5842aaecc7b7d417a3b1902957b59b8a1f3c1ccb
* | Switch to proxy variants of app-ops calls. (Jeff Sharkey, 2015-07-24, files: 1, lines: -2/+2)
| | Bug: 22718722 Change-Id: I9c054956c3b3655332475607d6919dc34515e550
* | Relax permissions on package-specific paths. (Jeff Sharkey, 2015-07-14, files: 1, lines: -14/+33)
| | Normally apps must hold the WRITE_EXTERNAL_STORAGE permission in order to use DownloadManager. However, now that the platform has relaxed permissions on package-specific directories, we relax the DownloadManager check in a similar way. This also opens up using DownloadManager to save files on secondary external storage devices. Fix bug so that we now check the relevant volume state when thinking about resuming a download. Bug: 22135060 Change-Id: If439340ea48789ea167f49709b5b69a4f0883150
* | Create a handler thread (Todd Kennedy, 2015-06-19, files: 1, lines: -1/+5)
| | The onCreate() method [where we initialize the handler] runs on the main thread. This means the ParcelFileDescriptor also runs tasks involving disk access on the main thread. We need to create a separate thread to run the Content Provider's handler. Bug: 19718299 Change-Id: Ia3661fafd3442ad6260f04253ba24ddf83b176b2
* | Actually delete files when rows are deleted. (Jeff Sharkey, 2015-06-16, files: 1, lines: -5/+12)
|/ Otherwise they're orphaned until the next idle maintenance pass. Bug: 21786983 Change-Id: I6eb2240d657366b65482bd3a0d5683e5d34a541a
* Whoops, clear identity to get internal columns. (Jeff Sharkey, 2014-08-05, files: 1, lines: -1/+11)
| Bug: 16822344 Change-Id: Ib90e171cbb7babc7a3eea59de5cb899c79fadf94
* Scan after writing download files. (Jeff Sharkey, 2014-08-05, files: 1, lines: -18/+41)
| Kicks off media scanner after files are written, usually through a DocumentsProvider. Bug: 13557203 Change-Id: I4e29b778b4e19a217f60c1e415c4d814724752d3
* am f04a7690: am 90e7485d: am 02562d30: Merge "Avoid leaking cursors" (Jeff Sharkey, 2014-05-10, files: 1, lines: -20/+30)
|\ * commit 'f04a7690b53288c98c07e0aa05214cceebea1331': Avoid leaking cursors
| * Avoid leaking cursors (Mattias Nilsson, 2014-04-01, files: 1, lines: -20/+30)
| | Adding try/finally blocks to make sure that cursor resources are let go Change-Id: I596074aa9ab5752f91a26b5a03e1f39c23c64a5f
* | resolved conflicts for merge of 2ca55fd3 to master (Nick Kralevich, 2014-03-14, files: 1, lines: -6/+0)
|\| Change-Id: I59df74b902c95299ae9adda2ddddb6bad4260159
| * Drop restorecon call from DownloadProvider. (Stephen Smalley, 2014-03-12, files: 1, lines: -6/+0)
| | It is not necessary/useful to place this directory into a separate type from other app data files, so remove this restorecon. Change-Id: Iabd643a515c134ab2a62e82866a3f72530f795ba Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
* | Add idle service to clean orphan downloads. (Jeff Sharkey, 2014-02-06, files: 1, lines: -1/+3)
| | Periodically reconcile database against disk contents. This handles the case where a user/app deletes files directly from disk without updating the database, and the rare case where a database delete didn't make it to deleting the underlying file. Also cleans up any downloads belonging to a UID when removed. Bug: 12924143 Change-Id: I4899d09df7ef71f2625491ac01ceeafa8a2013ce
* | Many improvements to download storage management. (Jeff Sharkey, 2014-02-06, files: 1, lines: -10/+9)
| | Change all data transfer to occur through FileDescriptors instead of relying on local files. This paves the way for downloading directly to content:// Uris in the future. Rewrite storage management logic to preflight download when size is known. If enough space is found, immediately reserve the space with fallocate(), advising the kernel block allocator to try giving us contiguous block regions to reduce fragmentation. When preflighting on internal storage or emulated external storage, ask PackageManager to clear private app caches to free up space. Since we fallocate() the entire file, use the database as the source of truth for resume locations, which requires that we fsync() before each database update. Store in-progress downloads in separate directories to keep the OS from deleting out from under us. Clean up filename generation logic to break ties in this new dual-directory case. Clearer enforcement of successful download preconditions around content lengths and ETags. Move all database field mutations to clearer DownloadInfoDelta object, and write back through single code path. Catch and log uncaught exceptions from DownloadThread. Tests to verify new storage behaviors. Fixed existing test to reflect correct RFC behavior. Bug: 5287571, 3213677, 12663412 Change-Id: I6bb905eca7c7d1a6bc88df3db28b65d70f660221
* | Revert "change download provider to use system log" (Doug Zongker, 2014-01-27, files: 1, lines: -26/+26)
| | This reverts commit 4f9d2d04003fafb358d7c127054055b3a9732c9b, was only wanted for debugging.