diff options
| author | 2016-11-30 16:07:00 -0700 | |
|---|---|---|
| committer | 2016-12-02 00:05:40 +0000 | |
| commit | 17010dc0d2f2ec72f4b224323e6aee65fa64d8fe (patch) | |
| tree | b76fa6597060dc1fb6ca92321bee6e7b19d386bd | |
| parent | c8b11fb7cbe3f7814e52e990205048c6e4c0934f (diff) | |
DO NOT MERGE. Retain DownloadManager Uri grants when clearing.
As part of fixing a recent security issue, DownloadManager now needs
to issue Uri permission grants for all downloads. However, if an app
that requested a download is upgraded or otherwise force-stopped,
the required permission grants are removed.
We could tell DownloadManager about the app being stopped, but that
would be racy (due to background broadcast), and waking it up would
degrade system health. Instead, as a special case we now only
consider clearing DownloadManager permission grants when app data
is being cleared.
Bug: 32172542, 30537115
Test: builds, boots, app upgrade doesn't clear grants
Change-Id: I7e3d4546fd12bfe5f81b9fb9857ece58d574a6b9
(cherry picked from commit 23ec811266fb728cf159a90ce4882b3c9bac1887)
| -rw-r--r-- | core/java/android/provider/Downloads.java | 2 | ||||
| -rw-r--r-- | services/core/java/com/android/server/am/ActivityManagerService.java | 7 |
2 files changed, 9 insertions, 0 deletions
diff --git a/core/java/android/provider/Downloads.java b/core/java/android/provider/Downloads.java index b826584009c1..a280e594525e 100644 --- a/core/java/android/provider/Downloads.java +++ b/core/java/android/provider/Downloads.java @@ -41,6 +41,8 @@ public final class Downloads { public static final class Impl implements BaseColumns { private Impl() {} + public static final String AUTHORITY = "downloads"; + /** * The permission to access the download manager */ diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java index 5807a354e8c0..7f4119970990 100644 --- a/services/core/java/com/android/server/am/ActivityManagerService.java +++ b/services/core/java/com/android/server/am/ActivityManagerService.java @@ -189,6 +189,7 @@ import android.os.UpdateLock; import android.os.UserHandle; import android.os.UserManager; import android.os.WorkSource; +import android.provider.Downloads; import android.os.storage.IMountService; import android.os.storage.MountServiceInternal; import android.os.storage.StorageManager; @@ -8510,6 +8511,12 @@ public final class ActivityManagerService extends ActivityManagerNative // Only inspect grants matching package if (packageName == null || perm.sourcePkg.equals(packageName) || perm.targetPkg.equals(packageName)) { + // Hacky solution as part of fixing a security bug; ignore + // grants associated with DownloadManager so we don't have + // to immediately launch it to regrant the permissions + if (Downloads.Impl.AUTHORITY.equals(perm.uri.uri.getAuthority()) + && !persistable) continue; + persistChanged |= perm.revokeModes(persistable ? ~0 : ~Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION, true); |