Enforce calling identity before clearing.

When opening a downloaded file, enforce that the caller can actually
see the requested download before clearing their identity to read
internal columns.

Bug: 30537115
Change-Id: I01bbad7997e5e908bfb19f5d576860a24f59f295
diff --git a/src/com/android/providers/downloads/DownloadProvider.java b/src/com/android/providers/downloads/DownloadProvider.java
index 2d914c4..d2a9d84 100644
--- a/src/com/android/providers/downloads/DownloadProvider.java
+++ b/src/com/android/providers/downloads/DownloadProvider.java
@@ -1192,6 +1192,19 @@
             logVerboseOpenFileInfo(uri, mode);
         }
 
+        // Perform normal query to enforce caller identity access before
+        // clearing it to reach internal-only columns
+        final Cursor probeCursor = query(uri, new String[] {
+                Downloads.Impl._DATA }, null, null, null);
+        try {
+            if ((probeCursor == null) || (probeCursor.getCount() == 0)) {
+                throw new FileNotFoundException(
+                        "No file found for " + uri + " as UID " + Binder.getCallingUid());
+            }
+        } finally {
+            IoUtils.closeQuietly(probeCursor);
+        }
+
         final Cursor cursor = queryCleared(uri, new String[] {
                 Downloads.Impl._DATA, Downloads.Impl.COLUMN_STATUS,
                 Downloads.Impl.COLUMN_DESTINATION, Downloads.Impl.COLUMN_MEDIA_SCANNED }, null,
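Review bot: The visibility probe is enforced only at this call site, so the rule that `queryCleared(...)` must be preceded by a query under the caller's identity is not written anywhere a future caller of `queryCleared` would see it. If `queryCleared` has other callers (none are visible in this hunk), each needs the same guard; either fold the probe into a small private helper or document the precondition on `queryCleared`, for example `// Callers must first confirm row visibility via query() under the calling identity.` The probe projects `Downloads.Impl._DATA` but reads only `getCount()`, so its comment could add `// only row visibility matters; the column value is ignored` to stop a later cleanup from treating the probe as redundant. The enclosing method starts and ends outside the hunk, so how the cleared query handles a row that disappears between the two queries cannot be checked from here.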