Don't use linked mediastore uris in DownloadProvider operations.

When MediaProvider db gets recreated, all the media content ids get renumbered. It's possible that when DownloadProvider is trying to delete an entry, it is holding onto a invalid mediastore uri. So, don't use linked mediastore uris in DownloadProvider operations. Also, revoke any prior uri grants of media content from DownloadStorageProvider. Bug: 132087334 Test: manual Test: atest DownloadProviderTests Test: atest cts/tests/app/src/android/app/cts/DownloadManagerTest.java Test: atest cts/tests/app/DownloadManagerLegacyTest/src/android/app/cts/DownloadManagerLegacyTest.java Test: atest cts/tests/app/DownloadManagerApi28Test/src/android/app/cts/DownloadManagerApi28Test.java Test: atest cts/hostsidetests/appsecurity/src/android/appsecurity/cts/AppSecurityTests.java Change-Id: I4885f5a0ae0b3ab660426605a8a43b8c1d66a4c7
AOSP-10-CAF · May 21, 2019 · 1b817f6 · 1b817f6
1 parent b92f077
commit 1b817f6
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 12 deletions.
diff --git a/core/java/android/app/IUriGrantsManager.aidl b/core/java/android/app/IUriGrantsManager.aidl
@@ -31,11 +31,12 @@ interface IUriGrantsManager {
             in Uri uri, int mode, int sourceUserId, int targetUserId);
     /**
      * Gets the URI permissions granted to an arbitrary package (or all packages if null)
-     * NOTE: this is different from getPersistedUriPermissions(), which returns the URIs the package
+     * NOTE: this is different from getUriPermissions(), which returns the URIs the package
      * granted to another packages (instead of those granted to it).
      */
     ParceledListSlice getGrantedUriPermissions(in String packageName, int userId);
     /** Clears the URI permissions granted to an arbitrary package. */
     void clearGrantedUriPermissions(in String packageName, int userId);
-    ParceledListSlice getPersistedUriPermissions(in String packageName, boolean incoming);
+    ParceledListSlice getUriPermissions(in String packageName, boolean incoming,
+            boolean persistedOnly);
 }
diff --git a/core/java/android/content/ContentResolver.java b/core/java/android/content/ContentResolver.java
@@ -2482,8 +2482,8 @@ public void releasePersistableUriPermission(@NonNull Uri uri,
      */
     public @NonNull List<UriPermission> getPersistedUriPermissions() {
         try {
-            return UriGrantsManager.getService()
-                    .getPersistedUriPermissions(mPackageName, true).getList();
+            return UriGrantsManager.getService().getUriPermissions(
+                    mPackageName, true /* incoming */, true /* persistedOnly */).getList();
         } catch (RemoteException e) {
             throw e.rethrowFromSystemServer();
         }
@@ -2498,8 +2498,18 @@ public void releasePersistableUriPermission(@NonNull Uri uri,
      */
     public @NonNull List<UriPermission> getOutgoingPersistedUriPermissions() {
         try {
-            return UriGrantsManager.getService()
-                    .getPersistedUriPermissions(mPackageName, false).getList();
+            return UriGrantsManager.getService().getUriPermissions(
+                    mPackageName, false /* incoming */, true /* persistedOnly */).getList();
+        } catch (RemoteException e) {
+            throw e.rethrowFromSystemServer();
+        }
+    }
+
+    /** @hide */
+    public @NonNull List<UriPermission> getOutgoingUriPermissions() {
+        try {
+            return UriGrantsManager.getService().getUriPermissions(
+                    mPackageName, false /* incoming */, false /* persistedOnly */).getList();
         } catch (RemoteException e) {
             throw e.rethrowFromSystemServer();
         }

diff --git a/core/java/android/provider/Downloads.java b/core/java/android/provider/Downloads.java
@@ -849,6 +849,8 @@ public static class RequestHeaders {
     public static final String CALL_MEDIASTORE_DOWNLOADS_DELETED = "mediastore_downloads_deleted";
     /** @hide */
     public static final String CALL_CREATE_EXTERNAL_PUBLIC_DIR = "create_external_public_dir";
+    /** @hide */
+    public static final String CALL_REVOKE_MEDIASTORE_URI_PERMS = "revoke_mediastore_uri_perms";
 
     /** @hide */
     public static final String EXTRA_IDS = "ids";

diff --git a/services/art-profile b/services/art-profile
@@ -13532,7 +13532,7 @@ HSPLcom/android/server/uri/UriGrantsManagerService;->checkHoldingPermissionsInte
 HSPLcom/android/server/uri/UriGrantsManagerService;->checkUriPermission(Lcom/android/server/uri/GrantUri;II)Z
 HSPLcom/android/server/uri/UriGrantsManagerService;->enforceNotIsolatedCaller(Ljava/lang/String;)V
 HSPLcom/android/server/uri/UriGrantsManagerService;->findOrCreateUriPermission(Ljava/lang/String;Ljava/lang/String;ILcom/android/server/uri/GrantUri;)Lcom/android/server/uri/UriPermission;
-PLcom/android/server/uri/UriGrantsManagerService;->getPersistedUriPermissions(Ljava/lang/String;Z)Landroid/content/pm/ParceledListSlice;
+PLcom/android/server/uri/UriGrantsManagerService;->getPersistedUriPermissions(Ljava/lang/String;ZZ)Landroid/content/pm/ParceledListSlice;
 HSPLcom/android/server/uri/UriGrantsManagerService;->getProviderInfo(Ljava/lang/String;II)Landroid/content/pm/ProviderInfo;
 HSPLcom/android/server/uri/UriGrantsManagerService;->grantUriPermission(ILjava/lang/String;Lcom/android/server/uri/GrantUri;ILcom/android/server/uri/UriPermissionOwner;I)V
 HSPLcom/android/server/uri/UriGrantsManagerService;->grantUriPermissionFromIntent(ILjava/lang/String;Landroid/content/Intent;Lcom/android/server/uri/UriPermissionOwner;I)V

diff --git a/services/core/java/com/android/server/uri/UriGrantsManagerService.java b/services/core/java/com/android/server/uri/UriGrantsManagerService.java
@@ -211,9 +211,9 @@ public void grantUriPermissionFromOwner(IBinder token, int fromUid, String targe
     }
 
     @Override
-    public ParceledListSlice<android.content.UriPermission> getPersistedUriPermissions(
-            String packageName, boolean incoming) {
-        enforceNotIsolatedCaller("getPersistedUriPermissions");
+    public ParceledListSlice<android.content.UriPermission> getUriPermissions(
+            String packageName, boolean incoming, boolean persistedOnly) {
+        enforceNotIsolatedCaller("getUriPermissions");
         Preconditions.checkNotNull(packageName, "packageName");
 
         final int callingUid = Binder.getCallingUid();
@@ -240,7 +240,8 @@ public ParceledListSlice<android.content.UriPermission> getPersistedUriPermissio
                 } else {
                     for (int j = 0; j < perms.size(); j++) {
                         final UriPermission perm = perms.valueAt(j);
-                        if (packageName.equals(perm.targetPkg) && perm.persistedModeFlags != 0) {
+                        if (packageName.equals(perm.targetPkg)
+                                && (!persistedOnly || perm.persistedModeFlags != 0)) {
                             result.add(perm.buildPersistedPublicApiObject());
                         }
                     }
@@ -252,7 +253,8 @@ public ParceledListSlice<android.content.UriPermission> getPersistedUriPermissio
                             mGrantedUriPermissions.valueAt(i);
                     for (int j = 0; j < perms.size(); j++) {
                         final UriPermission perm = perms.valueAt(j);
-                        if (packageName.equals(perm.sourcePkg) && perm.persistedModeFlags != 0) {
+                        if (packageName.equals(perm.sourcePkg)
+                                && (!persistedOnly || perm.persistedModeFlags != 0)) {
                             result.add(perm.buildPersistedPublicApiObject());
                         }
                     }