diff options
| author | Jeff Sharkey <jsharkey@android.com> | 2016-11-30 16:07:00 -0700 |
|---|---|---|
| committer | Brinly Taylor <brinly@brinly.me> | 2017-03-13 04:56:00 +0000 |
| commit | 44b0bdc995fbc21b294e1cdca3a5aa63feeb4951 (patch) | |
| tree | 088ff5f1743fc03bcf1d2c2b7aa2b4517eaff5d4 | |
| parent | ca7312891adcdfc300f2b5c07222120de52030ea (diff) | |
| download | frameworks_base-44b0bdc995fbc21b294e1cdca3a5aa63feeb4951.zip frameworks_base-44b0bdc995fbc21b294e1cdca3a5aa63feeb4951.tar.gz frameworks_base-44b0bdc995fbc21b294e1cdca3a5aa63feeb4951.tar.bz2 | |
DO NOT MERGE. Retain DownloadManager Uri grants when clearing.
As part of fixing a recent security issue, DownloadManager now needs
to issue Uri permission grants for all downloads. However, if an app
that requested a download is upgraded or otherwise force-stopped,
the required permission grants are removed.
We could tell DownloadManager about the app being stopped, but that
would be racy (due to background broadcast), and waking it up would
degrade system health. Instead, as a special case we now only
consider clearing DownloadManager permission grants when app data
is being cleared.
Bug: 32172542, 30537115
Test: builds, boots, app upgrade doesn't clear grants
Change-Id: I7e3d4546fd12bfe5f81b9fb9857ece58d574a6b9
(cherry picked from commit 23ec811266fb728cf159a90ce4882b3c9bac1887)
(cherry picked from commit 6eee8e37fd06bd47dd19b8503bc30cc8ccaf72a7)
(cherry picked from commit 36772fc2263e06972add737660392afd246da15e)
| -rw-r--r-- | core/java/android/provider/Downloads.java | 2 | ||||
| -rwxr-xr-x | services/core/java/com/android/server/am/ActivityManagerService.java | 7 |
2 files changed, 9 insertions, 0 deletions
diff --git a/core/java/android/provider/Downloads.java b/core/java/android/provider/Downloads.java index 961eb19..cfdb95d 100644 --- a/core/java/android/provider/Downloads.java +++ b/core/java/android/provider/Downloads.java @@ -41,6 +41,8 @@ public final class Downloads { public static final class Impl implements BaseColumns { private Impl() {} + public static final String AUTHORITY = "downloads"; + /** * The permission to access the download manager */ diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java index 317dea4..3715620 100755 --- a/services/core/java/com/android/server/am/ActivityManagerService.java +++ b/services/core/java/com/android/server/am/ActivityManagerService.java @@ -219,6 +219,7 @@ import android.os.UpdateLock; import android.os.UserHandle; import android.os.UserManager; import android.provider.Settings; +import android.provider.Downloads; import android.telecom.TelecomManager; import android.text.format.DateUtils; import android.text.format.Time; @@ -8181,6 +8182,12 @@ public final class ActivityManagerService extends ActivityManagerNative // Only inspect grants matching package if (packageName == null || perm.sourcePkg.equals(packageName) || perm.targetPkg.equals(packageName)) { + // Hacky solution as part of fixing a security bug; ignore + // grants associated with DownloadManager so we don't have + // to immediately launch it to regrant the permissions + if (Downloads.Impl.AUTHORITY.equals(perm.uri.uri.getAuthority()) + && !persistable) continue; + persistChanged |= perm.revokeModes(persistable ? ~0 : ~Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION, true); |