Clear identity when deleting scanned entry.
When deleting a file from DownloadManager, we also reach over and
clean up any scanned MediaStore entries. However, DownloadManager
clients may not hold the WRITE_EXTERNAL_STORAGE permission, such as
when they downloaded a file into their package-specific directories.
The safest fix for now is to clear the calling identity and always
clean up the MediaStore entries ourselves, since DownloadProvider
always holds the required storage permission.
Bug: 29777504
Change-Id: Iea8f5696410010807b118bb56e5b897c53f0e1fe
diff --git a/src/com/android/providers/downloads/DownloadProvider.java b/src/com/android/providers/downloads/DownloadProvider.java
index 4b83cac..d30018f 100644
--- a/src/com/android/providers/downloads/DownloadProvider.java
+++ b/src/com/android/providers/downloads/DownloadProvider.java
@@ -1229,8 +1229,13 @@
final String mediaUri = cursor.getString(2);
if (!TextUtils.isEmpty(mediaUri)) {
- getContext().getContentResolver().delete(Uri.parse(mediaUri), null,
- null);
+ final long token = Binder.clearCallingIdentity();
+ try {
+ getContext().getContentResolver().delete(Uri.parse(mediaUri), null,
+ null);
+ } finally {
+ Binder.restoreCallingIdentity(token);
+ }
}
}
}