From 620f9e6c84434c0950a2cbc1a6e73e843c93bdd6 Mon Sep 17 00:00:00 2001
From: Jeff Sharkey <jsharkey@android.com>
Date: Mon, 9 Jul 2018 12:16:26 -0600
Subject: Remove "public" download feature.

It was never a supported API, and has been reported as causing
security issues, so remove it.

Bug: 111084083
Test: builds
Change-Id: I26345b192ffd55216bb8c8fdb82cb5869d68d3db
(cherry picked from commit 35e123117be9ec5d61dbaea60f6eac06c0e80dc4)
CVE-2018-9468
---
 src/com/android/providers/downloads/DownloadProvider.java | 14 ++------------
 1 file changed, 2 insertions(+), 12 deletions(-)

diff --git a/src/com/android/providers/downloads/DownloadProvider.java b/src/com/android/providers/downloads/DownloadProvider.java
index 5995a083..d2fca9bc 100644
--- a/src/com/android/providers/downloads/DownloadProvider.java
+++ b/src/com/android/providers/downloads/DownloadProvider.java
@@ -94,11 +94,6 @@ public final class DownloadProvider extends ContentProvider {
     private static final int ALL_DOWNLOADS_ID = 4;
     /** URI matcher constant for the URI of a download's request headers */
     private static final int REQUEST_HEADERS_URI = 5;
-    /** URI matcher constant for the public URI returned by
-     * {@link DownloadManager#getUriForDownloadedFile(long)} if the given downloaded file
-     * is publicly accessible.
-     */
-    private static final int PUBLIC_DOWNLOAD_ID = 6;
     static {
         sURIMatcher.addURI("downloads", "my_downloads", MY_DOWNLOADS);
         sURIMatcher.addURI("downloads", "my_downloads/#", MY_DOWNLOADS_ID);
@@ -116,9 +111,6 @@ public final class DownloadProvider extends ContentProvider {
         sURIMatcher.addURI("downloads",
                 "download/#/" + Downloads.Impl.RequestHeaders.URI_SEGMENT,
                 REQUEST_HEADERS_URI);
-        sURIMatcher.addURI("downloads",
-                Downloads.Impl.PUBLICLY_ACCESSIBLE_DOWNLOADS_URI_SEGMENT + "/#",
-                PUBLIC_DOWNLOAD_ID);
     }
 
     /** Different base URIs that could be used to access an individual download */
@@ -486,8 +478,7 @@ public final class DownloadProvider extends ContentProvider {
                 return DOWNLOAD_LIST_TYPE;
             }
             case MY_DOWNLOADS_ID:
-            case ALL_DOWNLOADS_ID:
-            case PUBLIC_DOWNLOAD_ID: {
+            case ALL_DOWNLOADS_ID: {
                 // return the mimetype of this id from the database
                 final String id = getDownloadIdFromUri(uri);
                 final SQLiteDatabase db = mOpenHelper.getReadableDatabase();
@@ -1134,8 +1125,7 @@ public final class DownloadProvider extends ContentProvider {
             int uriMatch) {
         SqlSelection selection = new SqlSelection();
         selection.appendClause(where, whereArgs);
-        if (uriMatch == MY_DOWNLOADS_ID || uriMatch == ALL_DOWNLOADS_ID ||
-                uriMatch == PUBLIC_DOWNLOAD_ID) {
+        if (uriMatch == MY_DOWNLOADS_ID || uriMatch == ALL_DOWNLOADS_ID) {
             selection.appendClause(Downloads.Impl._ID + " = ?", getDownloadIdFromUri(uri));
         }
         if ((uriMatch == MY_DOWNLOADS || uriMatch == MY_DOWNLOADS_ID)
-- 
cgit v1.2.3