Prevent OPP from opening files that aren't sent over Bluetooth
Before this patch an app could send an open intent to
BluetoothOppTransferService using a fake content provider to gain external
read and write access. We fix this by checking the Uri of the file before
opening it to see if it originated from the Bluetooth Share content provider.
We also stop graning write access to apps that we use to view the file.
Test: PoC found in bug
(cherry picked from commit 23513295508cb984b81456c94210a8ade00fcf77)
1 file changed