Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / packages / providers / MediaProvider / 02fb8f40de2687f081f72f5e4fa38fb7171b236f
commit02fb8f40de2687f081f72f5e4fa38fb7171b236f[log] [tgz]
authorSahana Rao <sahanas@google.com>Thu May 14 16:54:35 2020 +0100
committerSahana Rao <sahanas@google.com>Tue May 19 13:04:40 2020 +0100
treea448ac55d7fd5cf28851a4389af212147317997d
parent2c690f50d071a61ad15fa645dc0df06e42fe9389 [diff]
Support MATCH_WRITABLE for IS_PENDING AND IS_TRASHED match.

In a filepath operation, pending files and trashed files should only be
visible to
1. App that created it
2. Apps with MANAGE_EXTERNAL_STORAGE permission
3. System Gallery and
4. Legacy apps with WRITE_EXTERNAL_STORAGE
We shouldn't allow any other app to see these files on readdir or modify
or delete these files.

This is achieved by matching database rows that have is_pending or
is_trashed set, and checking if the calling package has write permission
to the database row.

Added new MATCH_* type MATCH_WRITABLE that matches writable database
rows when the given column is set to 1.

Changed default match type for fuse read operations to
MATCH_WRITABLE and default match type for fuse write operations to
MATCH_INCLUDE. Default match type remains unchanged for ContentResolver
operations.

Test: atest packages/providers/MediaProvider
Bug: 148585977
Change-Id: I166cb5bfbfb0a8c7ddf2e74e2ea0a4c99c9a9102
1 file changed
tree: a448ac55d7fd5cf28851a4389af212147317997d
  1. apex/
  2. errorprone/
  3. jni/
  4. legacy/
  5. res/
  6. src/
  7. tests/
  8. tools/
  9. .clang-format
  10. Android.bp
  11. AndroidManifest.xml
  12. CleanSpec.mk
  13. deploy.sh
  14. gen_strings.py
  15. logging.sh
  16. MODULE_LICENSE_APACHE2
  17. NOTICE
  18. OWNERS
  19. PREUPLOAD.cfg
  20. proguard.flags
  21. sqlite3.sh
  22. TEST_MAPPING
  23. trace.sh