Google Git
Sign in
android / platform / frameworks / base / 90a6312^! / .
commit90a6312dc958f51c9cc8a00a1b54502ba5ad3a1b[log] [tgz]
authorJeff Sharkey <jsharkey@android.com>Wed Nov 30 16:07:00 2016 -0700
committergitbuildkicker <android-build@google.com>Mon Dec 19 14:41:11 2016 -0800
tree8871d383ec2ed6bfdeb130d40c8844f14ccd4df8
parent858064e946dc8dbf76bff9387e847e211703e336 [diff]
DO NOT MERGE. Retain DownloadManager Uri grants when clearing.

As part of fixing a recent security issue, DownloadManager now needs
to issue Uri permission grants for all downloads.  However, if an app
that requested a download is upgraded or otherwise force-stopped,
the required permission grants are removed.

We could tell DownloadManager about the app being stopped, but that
would be racy (due to background broadcast), and waking it up would
degrade system health.  Instead, as a special case we now only
consider clearing DownloadManager permission grants when app data
is being cleared.

Bug: 32172542, 30537115
Test: builds, boots, app upgrade doesn't clear grants
Change-Id: I7e3d4546fd12bfe5f81b9fb9857ece58d574a6b9
(cherry picked from commit 23ec811266fb728cf159a90ce4882b3c9bac1887)
(cherry picked from commit 6eee8e37fd06bd47dd19b8503bc30cc8ccaf72a7)

diff --git a/core/java/android/provider/Downloads.java b/core/java/android/provider/Downloads.java
index b826584..a280e59 100644
--- a/core/java/android/provider/Downloads.java
+++ b/core/java/android/provider/Downloads.java

@@ -41,6 +41,8 @@
     public static final class Impl implements BaseColumns {
         private Impl() {}
 
+        public static final String AUTHORITY = "downloads";
+
         /**
          * The permission to access the download manager
          */

diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index 5a99d6f..bc9d58e 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java

@@ -190,6 +190,7 @@
 import android.os.UserHandle;
 import android.os.UserManager;
 import android.os.WorkSource;
+import android.provider.Downloads;
 import android.os.storage.IMountService;
 import android.os.storage.MountServiceInternal;
 import android.os.storage.StorageManager;
@@ -8547,6 +8548,12 @@
                     // Only inspect grants matching package
                     if (packageName == null || perm.sourcePkg.equals(packageName)
                             || perm.targetPkg.equals(packageName)) {
+                        // Hacky solution as part of fixing a security bug; ignore
+                        // grants associated with DownloadManager so we don't have
+                        // to immediately launch it to regrant the permissions
+                        if (Downloads.Impl.AUTHORITY.equals(perm.uri.uri.getAuthority())
+                                && !persistable) continue;
+
                         persistChanged |= perm.revokeModes(persistable
                                 ? ~0 : ~Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION, true);