path: root/src
Commit message [Author, Age, Files, Lines]
* Enforce calling identity before clearing. am: 7c1af8c62c am: 47dcd095ea am: ↵ [Jeff Sharkey, 2016-09-16, 1, -0/+44]
|\  51033d49f6 am: 9bbd21ff0c
| | Change-Id: I5f09670f0629addb5fa847799184716020234f35
| * Enforce calling identity before clearing. am: 7c1af8c62c am: 47dcd095ea [Jeff Sharkey, 2016-09-16, 1, -0/+44]
| |\  am: 51033d49f6
| | | Change-Id: Ic319b5f1f9351a83a2fde49aedc99f996fda8ef5
| | * Enforce calling identity before clearing. [Jeff Sharkey, 2016-09-16, 1, -0/+44]
| | |\  am: 7c1af8c62c
| | | | Change-Id: Id435bda5c939ab48c3e1fb69f13292a4740828d4
| | | * Enforce calling identity before clearing. [Jeff Sharkey, 2016-09-16, 1, -0/+44]
| | | | When opening a downloaded file, enforce that the caller can actually see the requested download before clearing their identity to read internal columns.
| | | | However, this means that we can no longer return the "my_downloads" paths: if those Uris were shared beyond the app that requested the download, access would be denied.
| | | | Instead, we need to switch to using "all_downloads" Uris so that permission grants can be issued to third-party viewer apps. Since an app requesting a download doesn't normally have permission to "all_downloads" paths, we issue narrow grants toward the owner of each download, both at device boot and when new downloads are started.
| | | | Bug: 30537115, 30945409
| | | | Change-Id: If944aada020878a91c363963728d0da9f6fae3ea
* | | | Revert "Enforce calling identity before clearing." am: b440ceb00f am: ↵ [Adam Seaton, 2016-08-26, 1, -13/+0]
|\| | | 6777320335 am: a474af3a08 am: 8bec536bf2
| | | | Change-Id: I81ea34a6f1cdaa438af6397651d7374628d44eff
| * | | Revert "Enforce calling identity before clearing." am: b440ceb00f am: 6777320335 [Adam Seaton, 2016-08-26, 1, -13/+0]
| |\| | am: a474af3a08
| | | | Change-Id: I133dc7915c5dfd0e2d70ece76c008c7b282f0bcb
| | * | Revert "Enforce calling identity before clearing." [Adam Seaton, 2016-08-26, 1, -13/+0]
| | |\| am: b440ceb00f
| | | | Change-Id: If9feec471d71fbfa05a4cf9a8633142c724b6da3
| | | * Revert "Enforce calling identity before clearing." [Adam Seaton, 2016-08-26, 1, -13/+0]
| | | | This reverts commit 8be3a92eb0b4105a9ed748be5a937ce79145f565.
| | | | Change-Id: I10401d57239b868f8e3514f81a0e20486838e29c
* | | | Enforce calling identity before clearing. am: 8be3a92eb0 am: ec19fe6485 am: ↵ [Jeff Sharkey, 2016-08-09, 1, -0/+13]
|\| | | b3ce7976f2 am: 860239d87e
| | | | Change-Id: Ic62206ad61c81da00eb57679211c140ce7053032
| * | | Enforce calling identity before clearing. am: 8be3a92eb0 am: ec19fe6485 [Jeff Sharkey, 2016-08-09, 1, -0/+13]
| |\| | am: b3ce7976f2
| | | | Change-Id: I539882f08289cabaaf49326fb7973d98d0323de2
| | * | Enforce calling identity before clearing. [Jeff Sharkey, 2016-08-09, 1, -0/+13]
| | |\| am: 8be3a92eb0
| | | | Change-Id: I0b339abd106680e44a7e900e3eae514cf0f630c1
| | | * Enforce calling identity before clearing. [Jeff Sharkey, 2016-08-01, 1, -0/+13]
| | | | When opening a downloaded file, enforce that the caller can actually see the requested download before clearing their identity to read internal columns.
| | | | Bug: 30537115
| | | | Change-Id: I01bbad7997e5e908bfb19f5d576860a24f59f295
| | | * Use resolved path for both checking and opening. [Jeff Sharkey, 2016-01-14, 2, -3/+8]
| | | | This avoids a race condition where someone can change a symlink target after the security checks have passed.
| | | | Bug: 26211054
| | | | Change-Id: I5842aaecc7b7d417a3b1902957b59b8a1f3c1ccb
| * | | Use resolved path for both checking and opening. am: bdc831357e [Jeff Sharkey, 2016-01-15, 2, -3/+8]
| |\| | am: 0e710ca30d
| | | | * commit '0e710ca30d0b04843b3d2e83755e35fe092cfd4a':
| | | |   Use resolved path for both checking and opening.
| | * | Use resolved path for both checking and opening. [Jeff Sharkey, 2016-01-14, 2, -3/+8]
| | | | This avoids a race condition where someone can change a symlink target after the security checks have passed.
| | | | Bug: 26211054
| | | | Change-Id: I5842aaecc7b7d417a3b1902957b59b8a1f3c1ccb
* | | | DO NOT MERGE. Use resolved path when inserting and deleting. [Jeff Sharkey, 2016-02-16, 1, -5/+15]
| | | | This avoids a race condition where someone can change a symlink target after the security checks have passed.
| | | | Bug: 26211054
| | | | Change-Id: I40ed6d2298e4b66b4f7a055e68d9820515adf351
* | | | Use resolved path for both checking and opening. [Jeff Sharkey, 2016-01-14, 2, -6/+8]
| | | | This avoids a race condition where someone can change a symlink target after the security checks have passed.
| | | | Bug: 26211054
| | | | Change-Id: I5842aaecc7b7d417a3b1902957b59b8a1f3c1ccb
* | | | Give secondary users read-only physical cards. [Jeff Sharkey, 2015-07-28, 1, -1/+2]
| | | | Follow method refactoring so we only consider writable locations.
| | | | Bug: 22787184
| | | | Change-Id: Ib8b037216d23ab474d7e0df427671d174eaf030a
* | | | Switch to proxy variants of app-ops calls. [Jeff Sharkey, 2015-07-24, 1, -2/+2]
| | | | Bug: 22718722
| | | | Change-Id: I9c054956c3b3655332475607d6919dc34515e550
* | | | Relax permissions on package-specific paths. [Jeff Sharkey, 2015-07-14, 4, -26/+114]
| | | | Normally apps must hold the WRITE_EXTERNAL_STORAGE permission in order to use DownloadManager. However, now that the platform has relaxed permissions on package-specific directories, we relax the DownloadManager check in a similar way. This also opens up using DownloadManager to save files on secondary external storage devices.
| | | | Fix bug so that we now check the relevant volume state when thinking about resuming a download.
| | | | Bug: 22135060
| | | | Change-Id: If439340ea48789ea167f49709b5b69a4f0883150
* | | | Create a handler thread [Todd Kennedy, 2015-06-19, 1, -1/+5]
| | | | The onCreate() method [where we initialize the handler] runs on the main thread. This means the ParcelFileDescriptor also runs tasks involving disk access on the main thread. We need to create a separate thread to run the Content Provider's handler.
| | | | Bug: 19718299
| | | | Change-Id: Ia3661fafd3442ad6260f04253ba24ddf83b176b2
* | | | Actually delete files when rows are deleted. [Jeff Sharkey, 2015-06-16, 1, -5/+12]
| | | | Otherwise they're orphaned until the next idle maintenance pass.
| | | | Bug: 21786983
| | | | Change-Id: I6eb2240d657366b65482bd3a0d5683e5d34a541a
* | | | Don't call size() on a null List [Christopher Tate, 2015-06-08, 1, -5/+7]
| | | | JobScheduler.getAllPendingJobs() can return null when there are none. Deal with it.
| | | | Bug 21642868
| | | | Change-Id: I11fcc6e146f9db51e03dcf57f7518bb7878fbd28
* | | | Sanitize display names, keep extensions intact. [Ben Kwa, 2015-04-22, 1, -8/+4]
|/ / /  Use the newly factored FileUtils to sanitize the requested display names to be valid FAT filenames, and also allow any extension that maps to the requested MIME type.
| | |   BUG=20157955
| | |   Change-Id: Ic37863a3362a941d81632bd4a7562dae40053652
* / / Make DownloadProvider honor the cleartext traffic policy. [Alex Klyubin, 2015-04-01, 3, -0/+59]
|/ /  This makes the Provider-side of the DownloadManager framework honor the per-UID cleartext network traffic policy. The policy is enforced in the Provider rather than in its client (DownloadManager) because download URLs could get redirected between HTTPS and HTTP and only the Provider currently has visibility into and control over this.
| |   Whether cleartext network traffic is permitted is a per-package policy. However, the DownloadProvider can only access the UID of the requesting application. Multiple packages can run under the same UID. In that scenario, cleartext traffic is permitted for the UID if cleartext traffic is permitted for any of the packages running under the UID. This could be improved by making the DownloadManager provide the package name in addition to the UID.
| |   Bug: 19215516
| |   Change-Id: Ib37585a7a2fc2869954d52a1b08052926f49bc9b
* | Can not continue to download after powering on the phone [Benson Huang, 2015-01-15, 1, -0/+1]
| | 1. Launch chrome and open www.baidu.com -> Choose "software" in the site navigation -> Tap "games" option, choose one apk to download -> During downloading, power off the phone -> Power on the phone and check, it can't continue to download apk.
| | The fix is to add one condition for retrying to download when IO exception happens (i.e. Failed to open for writing: java.io.FileNotFoundException).
| | Bug 18834618
| | Review: https://partner-android-review.git.corp.google.com/#/c/193436
| | Signed-off-by: Benson Huang <benson.huang@mediatek.com>
| | Change-Id: I2f975ff7ffedfc4136fb250dcb5ef8fdca4a367d
* | Use FileUtils to validate FAT filenames. [Jeff Sharkey, 2014-11-26, 1, -50/+1]
| | Bug: 18512473
| | Change-Id: I686c7c3487f789dc0437513fbc6fed54dc62721f
* | Connection: close is enough to know length. [Jeff Sharkey, 2014-11-10, 1, -5/+9]
| | Now that we're defeating connection reuse, we have one additional type of response where the length is known.
| | Bug: 18306491
| | Change-Id: I19657c565238f07fd89a55a5dbf1e85748f6e7c3
* | Defeat connection reuse to really cancel. [Jeff Sharkey, 2014-11-07, 1, -0/+4]
| | Otherwise servers may continue streaming large downloads into the kept-alive socket. This changes to always close the socket, sending a clear signal to server.
| | Bug: 16153076
| | Change-Id: I3e7fefce4f82b5f80abaab58874cc4c4374d2bfb
* | Ensure that downloads stop quickly. [Jeff Sharkey, 2014-10-27, 1, -8/+25]
| | In some cases the provider may have marked a download as deleted, but the content change notification may lag several seconds. To stop as soon as possible, assert that we're not deleted when writing our progress updates.
| | Bug: 16405936
| | Change-Id: I994b746056d0427c626355e0815234ff5b73198c
* | am 3ee03ac3: am e24609e8: Trim stale downloads from third-party apps. [Jeff Sharkey, 2014-10-17, 1, -5/+47]
|\| * commit '3ee03ac36f0f849b78936cf18972fe2f24a61722':
| |   Trim stale downloads from third-party apps.
| * Trim stale downloads from third-party apps. [Jeff Sharkey, 2014-10-16, 1, -5/+47]
| | Buggy third-party apps can enqueue lots of downloads and then forget to remove them, causing DownloadManager to stop functioning. This change removes any downloads that match _all_ of the following conditions:
| | 1. Download status is in a terminal (non-pending) state, usually a concrete success or failure.
| | 2. Download hasn't been touched in over a week.
| | 3. Download is not visible in UI.
| | Bug: 17785419
| | Change-Id: Id82752fd6935371c1af682205d35f7ba35169473
* | Fix internationalization of percentage formatting in DownloadProvider. [Elliott Hughes, 2014-10-10, 2, -3/+7]
|/  Bug: 15476051
|   Change-Id: I085c074f1bb66631872712cab68bcaf6ee7ba7dc
* Colored notifications [Selim Cinek, 2014-08-27, 1, -0/+2]
| Bug: 17128331
| Change-Id: Ie2529189e4d62c7dc385f9d36c70ac412fb4159c
* fallocate() returning ENOSYS is okay. [Jeff Sharkey, 2014-08-26, 1, -2/+2]
| Fall back just like ENOTSUP.
| Bug: 17285472
| Change-Id: Ice4954726c14a0e84c39c5469d573644588934ae
* Whoops, clear identity to get internal columns. [Jeff Sharkey, 2014-08-05, 1, -1/+11]
| Bug: 16822344
| Change-Id: Ib90e171cbb7babc7a3eea59de5cb899c79fadf94
* Scan after writing download files. [Jeff Sharkey, 2014-08-05, 4, -23/+43]
| Kicks off media scanner after files are written, usually through a DocumentsProvider.
| Bug: 13557203
| Change-Id: I4e29b778b4e19a217f60c1e415c4d814724752d3
* Transition the Download Service's cleanup work to a scheduled Job [Christopher Tate, 2014-06-16, 2, -8/+50]
| ...preparatory to finally removing the scratchpad "idle maintenance" infrastructure from the product.
| Bug 14993295
| Change-Id: I1e84247de19e616910db1781b2c399a8b15a805c
* am f04a7690: am 90e7485d: am 02562d30: Merge "Avoid leaking cursors" [Jeff Sharkey, 2014-05-10, 1, -20/+30]
|\  * commit 'f04a7690b53288c98c07e0aa05214cceebea1331':
| |   Avoid leaking cursors
| * Merge "Avoid leaking cursors" [Jeff Sharkey, 2014-05-10, 1, -20/+30]
| |\
| | * Avoid leaking cursors [Mattias Nilsson, 2014-04-01, 1, -20/+30]
| | | Adding try/finally blocks to make sure that cursor resources are let go
| | | Change-Id: I596074aa9ab5752f91a26b5a03e1f39c23c64a5f
| * | Track API package change. [Elliott Hughes, 2014-04-28, 1, -4/+4]
| |/  Change-Id: Ie2f35386e48894a9c9afb9717af90a5628dcd79b
* | OsConstants is moving. [Elliott Hughes, 2014-04-29, 1, -2/+1]
| | Change-Id: Ie72e18f539cbad593c489bf52b9afea5330f62c1
* | Fix reference to moved ErrnoException. [Torne (Richard Coles), 2014-04-29, 1, -1/+1]
| | ErrnoException has moved to android.system; fix reference in DownloadIdleService.
| | Change-Id: I8a08d3f8074d0ec5a4e8314db173139a109abb33
* | Move internal DownloadProvider code off libcore.os. [Elliott Hughes, 2014-04-28, 2, -18/+18]
| | (As much as possible. There are no plans to make the mocking API public.)
| | Change-Id: I348877b850d6d34572d5a19e67952254bc4f12ef
* | resolved conflicts for merge of 2ca55fd3 to master [Nick Kralevich, 2014-03-14, 1, -6/+0]
|\| Change-Id: I59df74b902c95299ae9adda2ddddb6bad4260159
| * Drop restorecon call from DownloadProvider. [Stephen Smalley, 2014-03-12, 1, -6/+0]
| | It is not necessary/useful to place this directory into a separate type from other app data files, so remove this restorecon.
| | Change-Id: Iabd643a515c134ab2a62e82866a3f72530f795ba
| | Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
* | Add idle service to clean orphan downloads. [Jeff Sharkey, 2014-02-06, 5, -87/+179]
| | Periodically reconcile database against disk contents. This handles the case where a user/app deletes files directly from disk without updating the database, and the rare case where a database delete didn't make it to deleting the underlying file.
| | Also cleans up any downloads belonging to a UID when removed.
| | Bug: 12924143
| | Change-Id: I4899d09df7ef71f2625491ac01ceeafa8a2013ce
* | Many improvements to download storage management. [Jeff Sharkey, 2014-02-06, 9, -1110/+968]
| | Change all data transfer to occur through FileDescriptors instead of relying on local files. This paves the way for downloading directly to content:// Uris in the future.
| | Rewrite storage management logic to preflight download when size is known. If enough space is found, immediately reserve the space with fallocate(), advising the kernel block allocator to try giving us a contiguous block regions to reduce fragmentation. When preflighting on internal storage or emulated external storage, ask PackageManager to clear private app caches to free up space.
| | Since we fallocate() the entire file, use the database as the source of truth for resume locations, which requires that we fsync() before each database update.
| | Store in-progress downloads in separate directories to keep the OS from deleting out from under us. Clean up filename generation logic to break ties in this new dual-directory case.
| | Clearer enforcement of successful download preconditions around content lengths and ETags. Move all database field mutations to clearer DownloadInfoDelta object, and write back through single code path.
| | Catch and log uncaught exceptions from DownloadThread. Tests to verify new storage behaviors. Fixed existing test to reflect correct RFC behavior.
| | Bug: 5287571, 3213677, 12663412
| | Change-Id: I6bb905eca7c7d1a6bc88df3db28b65d70f660221
* | Revert "change download provider to use system log" [Doug Zongker, 2014-01-27, 7, -88/+88]
| | This reverts commit 4f9d2d04003fafb358d7c127054055b3a9732c9b, was only wanted for debugging.