Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 504d78ea10b04baee2a1a65707dc7003c94d1ee4
commit504d78ea10b04baee2a1a65707dc7003c94d1ee4[log] [tgz]
authorNicolas Prevot <nprevot@google.com>Thu Jun 26 10:07:33 2014 +0100
committerNicolas Prévot <nprevot@google.com>Tue Aug 05 17:05:09 2014 +0000
tree333a8e96a4342f87125917d5b901ca4702e564d0
parent57210c7a1aebb86d091dee0af49b45649ca47f87 [diff]
Security fixes related to cross-user content.

Enforcing that only uri grants work across users (not permissions).
Fixing a security hole where malicious Apps could access a uri if they had uri grants to the same uri on another user.
Enforcing that userIds in uris, if they exist, are the one of the ContentProvider.

BUG: 16779492

Change-Id: Iaa5264bd6c3aa0e15be3a4a64f9dc88238e0cb2e
2 files changed
tree: 333a8e96a4342f87125917d5b901ca4702e564d0
  1. api/
  2. cmds/
  3. core/
  4. data/
  5. docs/
  6. drm/
  7. graphics/
  8. include/
  9. keystore/
  10. libs/
  11. location/
  12. media/
  13. native/
  14. nfc-extras/
  15. obex/
  16. opengl/
  17. packages/
  18. phone/
  19. policy/
  20. rs/
  21. samples/
  22. sax/
  23. services/
  24. telecomm/
  25. telephony/
  26. test-runner/
  27. tests/
  28. tools/
  29. wifi/
  30. Android.mk
  31. CleanSpec.mk
  32. MODULE_LICENSE_APACHE2
  33. NOTICE
  34. preloaded-classes