diff options
| -rw-r--r-- | core/java/android/provider/Downloads.java | 2 | ||||
| -rw-r--r-- | services/core/java/com/android/server/am/ActivityManagerService.java | 7 |
2 files changed, 9 insertions, 0 deletions
diff --git a/core/java/android/provider/Downloads.java b/core/java/android/provider/Downloads.java index b826584009c1..a280e594525e 100644 --- a/core/java/android/provider/Downloads.java +++ b/core/java/android/provider/Downloads.java @@ -41,6 +41,8 @@ public final class Downloads { public static final class Impl implements BaseColumns { private Impl() {} + public static final String AUTHORITY = "downloads"; + /** * The permission to access the download manager */ diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java index 85d2981aaa96..f4e823bcce53 100644 --- a/services/core/java/com/android/server/am/ActivityManagerService.java +++ b/services/core/java/com/android/server/am/ActivityManagerService.java @@ -190,6 +190,7 @@ import android.os.UpdateLock; import android.os.UserHandle; import android.os.UserManager; import android.os.WorkSource; +import android.provider.Downloads; import android.os.storage.IMountService; import android.os.storage.MountServiceInternal; import android.os.storage.StorageManager; @@ -8547,6 +8548,12 @@ public final class ActivityManagerService extends ActivityManagerNative // Only inspect grants matching package if (packageName == null || perm.sourcePkg.equals(packageName) || perm.targetPkg.equals(packageName)) { + // Hacky solution as part of fixing a security bug; ignore + // grants associated with DownloadManager so we don't have + // to immediately launch it to regrant the permissions + if (Downloads.Impl.AUTHORITY.equals(perm.uri.uri.getAuthority()) + && !persistable) continue; + persistChanged |= perm.revokeModes(persistable ? ~0 : ~Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION, true); |