Google Git
Sign in
android/platform/packages/providers/MediaProvider/69a25763cdb46c8f23fe9eb976132acbe2af82d6
commit
69a25763cdb46c8f23fe9eb976132acbe2af82d6
[log]
author
Himanshu Arora <hmarora@google.com>
Fri Oct 24 16:47:37 2025 +0000
committer
Android Build Coastguard Worker <android-build-coastguard-worker@google.com>
Wed Jan 07 21:42:46 2026 -0800
tree
c767cca159307e41cfed9ecdc225f1c9cf849f42
parent
8a710e8508880a2af058ad93b58b4fe5e770be57 [diff]
Fix ACCESS_MEDIA_LOCATION bypass via SAF picker

When an app uses a picker to access media files, the picker should respect the app's permissions. Currently, it is possible to bypass the ACCESS_MEDIA_LOCATION permission and get unredacted location data.

This change fixes this by having MediaProvider check the permissions of the app on whose behalf the media is being opened. When a `mediaCapabilitiesUid` is passed, MediaProvider now checks if that UID has the necessary permissions.

Bug: 326211886
Test: manual
Flag: EXEMPT BUGFIX
Cherrypick-From: https://googleplex-android-review.googlesource.com/q/commit:e5e47f93838e1e9a3a3a520f7c89229fc041a8c3
Merged-In: I7ad51535d5ae8a3803162f688c4794edbbcfb167
Change-Id: I7ad51535d5ae8a3803162f688c4794edbbcfb167
1 file changed
tree: c767cca159307e41cfed9ecdc225f1c9cf849f42
  1. apex/
  2. cli/
  3. errorprone/
  4. jni/
  5. legacy/
  6. pdf/
  7. photopicker/
  8. res/
  9. src/
  10. tests/
  11. tools/
  12. .clang-format
  13. .gitignore
  14. Android.bp
  15. AndroidManifest.xml
  16. CleanSpec.mk
  17. deploy.sh
  18. gen_strings.py
  19. jarjar-rules.txt
  20. lint-baseline.xml
  21. lint-baseline2.xml
  22. logging.sh
  23. mediaprovider_flags.aconfig
  24. mediaproviderutils.sh
  25. OWNERS
  26. perfetto_config.pbtx
  27. preinstalled-packages-com.android.providers.media.module.xml
  28. PREUPLOAD.cfg
  29. proguard.flags
  30. TEST_MAPPING
  31. trace.sh
  32. transcode.sh