|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change removes the requirement that apps have the
ACCESS_DOWNLOAD_MANAGER permission in order to access
DownloadProvider. This enables the public API to work. Instead,
DownloadProvider enforces the new permissions model for the public
API:
* insert() requires INTERNET permission
* insert() checks that input fits within the restricted input allowed
for the public API
* insert() also strictly checks the file URI provided with
DESTINATION_FILE_URI (and still requires WRITE_EXTERNAL_STORAGE
permission if that is supplied)
Note that if an app has the ACCESS_DOWNLOAD_MANAGER permission, legacy
behavior is retained.
I've added a test to cover this new access, and updated the existing
permissions tests.
I also fixed a bug in WHERE clause construction in update() and
delete(), and refactored the code to eliminate duplication.
Change-Id: I53a08df137b35c2788c36350276c9dff24858af1
|