Merge "Merge SQ1A.220205.002"
diff --git a/src/com/android/providers/media/MediaProvider.java b/src/com/android/providers/media/MediaProvider.java
index 033fe80..922b801 100644
--- a/src/com/android/providers/media/MediaProvider.java
+++ b/src/com/android/providers/media/MediaProvider.java
@@ -2624,15 +2624,41 @@
try (Cursor c = qb.query(helper,
new String[] { BaseColumns._ID }, null, null, null, null, null, null, null)) {
if (c.getCount() == 1) {
- return PackageManager.PERMISSION_GRANTED;
+ c.moveToFirst();
+ final long cursorId = c.getLong(0);
+
+ long uriId = -1;
+ try {
+ uriId = ContentUris.parseId(uri);
+ } catch (NumberFormatException ignored) {
+ // if the id is not a number, the uri doesn't have a valid ID at the end of
+ // the uri, (i.e., uri is uri of the table not of the item/row)
+ }
+
+ if (uriId != -1 && cursorId == uriId) {
+ return PackageManager.PERMISSION_GRANTED;
+ }
}
}
- try {
- if (ContentUris.parseId(uri) != -1) {
+ // For the uri with id cases, if it isn't returned in above query section, the result
+ // isn't as expected. Don't grant the permission.
+ switch (table) {
+ case AUDIO_MEDIA_ID:
+ case IMAGES_MEDIA_ID:
+ case VIDEO_MEDIA_ID:
+ case DOWNLOADS_ID:
+ case FILES_ID:
+ case AUDIO_MEDIA_ID_GENRES_ID:
+ case AUDIO_GENRES_ID:
+ case AUDIO_PLAYLISTS_ID:
+ case AUDIO_PLAYLISTS_ID_MEMBERS_ID:
+ case AUDIO_ARTISTS_ID:
+ case AUDIO_ALBUMS_ID:
return PackageManager.PERMISSION_DENIED;
- }
- } catch (NumberFormatException ignored) { }
+ default:
+ // continue below
+ }
// If the uri is a valid content uri and doesn't have a valid ID at the end of the uri,
// (i.e., uri is uri of the table not of the item/row), and app doesn't request prefix
@@ -2642,9 +2668,6 @@
if ((modeFlags & Intent.FLAG_GRANT_PREFIX_URI_PERMISSION) == 0) {
return PackageManager.PERMISSION_GRANTED;
}
-
- // For prefix grant on the uri with content uri without id, we don't allow apps to
- // grant access as they might end up granting access to all files.
} finally {
restoreLocalCallingIdentity(token);
}
@@ -8838,6 +8861,26 @@
if (mCallingIdentity.get().isOwned(id)) {
return true;
}
+ break;
+ default:
+ // continue below
+ }
+
+ // Check whether the uri is a specific table or not. Don't allow the global access to these
+ // table uris
+ switch (table) {
+ case AUDIO_MEDIA:
+ case IMAGES_MEDIA:
+ case VIDEO_MEDIA:
+ case DOWNLOADS:
+ case FILES:
+ case AUDIO_ALBUMS:
+ case AUDIO_ARTISTS:
+ case AUDIO_GENRES:
+ case AUDIO_PLAYLISTS:
+ return false;
+ default:
+ // continue below
}
// Outstanding grant means they get access