commit | 504d78ea10b04baee2a1a65707dc7003c94d1ee4 | [log] [tgz] |
---|---|---|
author | Nicolas Prevot <nprevot@google.com> | Thu Jun 26 10:07:33 2014 +0100 |
committer | Nicolas Prévot <nprevot@google.com> | Tue Aug 05 17:05:09 2014 +0000 |
tree | 333a8e96a4342f87125917d5b901ca4702e564d0 | |
parent | 57210c7a1aebb86d091dee0af49b45649ca47f87 [diff] |
Security fixes related to cross-user content. Enforcing that only uri grants work across users (not permissions). Fixing a security hole where malicious Apps could access a uri if they had uri grants to the same uri on another user. Enforcing that userIds in uris, if they exist, are the one of the ContentProvider. BUG: 16779492 Change-Id: Iaa5264bd6c3aa0e15be3a4a64f9dc88238e0cb2e