32807795 Security Vulnerability - AOSP Messaging App: thirdparty can
attach private files from "/data/data/com.android.messaging/"
directory to the messaging app.
* This is a manual merge from ag/871758 -- backporting a security fix from
Bugle to Kazoo.
* Don't export the MediaScratchFileProvider or the MmsFileProvider. This
will block external access from third party apps. In addition, make both
providers more robust in handling path names. Make sure the file paths
handled in the providers point to the expected directory.
(cherry picked from commit a2aa53f83afbd13b04cbdcca494fd3cf659c155d)
3 files changed