Prevent OPP from opening files that aren't sent over Bluetooth
Before this patch an app could send an open intent to
BluetoothOppTransferService using a fake content provider to gain external
read and write access. We fix this by checking the Uri of the file before
opening it to see if it originated from the Bluetooth Share content provider.
We also stop graning write access to apps that we use to view the file.
Test: PoC found in bug
(cherry picked from commit f20350af42cd5cce1a762ef587ee50fef696f0f0)
1 file changed