
Commit 372b0fec authored by Camillus Cai

Clarify that FileUriExposedException is not a security boundary

Update the Javadoc for `FileUriExposedException` and the message
generated by `StrictMode.onFileUriExposed` to emphasize that this
exception is a diagnostic tool for developers and not a reliable
security boundary.

Bug: 437380623

Flag: EXEMPT DOCS_ONLY

Change-Id: Iae22328882550b17a6dc8eafc73c258c186de59d
parent 9a368d9b
+12 −7
@@ -19,14 +19,19 @@ package android.os;
import android.content.Intent;
import android.content.Intent;


/**
/**
 * The exception that is thrown when an application exposes a {@code file://}
 * The exception that may be thrown when an application exposes a
 * {@link android.net.Uri} to another app.
 * {@code file://} {@link android.net.Uri} to another app.
 * <p>
 * <p>
 * This exposure is discouraged since the receiving app may not have access to
 * This exception is a diagnostic tool for developers to identify situations
 * the shared path. For example, the receiving app may not have requested the
 * where {@code file://} Uris are being exposed. It is not always thrown when a
 * {@link android.Manifest.permission#READ_EXTERNAL_STORAGE} runtime permission,
 * {@code file://} Uri is exposed, so it must not be relied on for security
 * or the platform may be sharing the {@link android.net.Uri} across user
 * purposes on any SDK version.
 * profile boundaries.
 * <p>
 * {@code file://} Uri exposure is discouraged since the receiving app may not
 * have access to the shared path. For example, the receiving app may not have
 * requested the {@link android.Manifest.permission#READ_EXTERNAL_STORAGE}
 * runtime permission, or the platform may be sharing the
 * {@link android.net.Uri} across user profile boundaries.
 * <p>
 * <p>
 * Instead, apps should use {@code content://} Uris so the platform can extend
 * Instead, apps should use {@code content://} Uris so the platform can extend
 * temporary permission for the receiving app to access the resource.
 * temporary permission for the receiving app to access the resource.
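
Review bot: The new second paragraph says the exception is "not always thrown" but gives no indication of when it is skipped, so a reader cannot tell which exposure paths go undetected. Since the commit message ties the exception to StrictMode.onFileUriExposed, consider pointing at the detection mechanism here, for example with {@link android.os.StrictMode.VmPolicy.Builder#detectFileUriExposure()}, and stating that the check is best-effort. The sentence "it must not be relied on for security purposes" would also be more actionable if it named the alternative directly, by referring forward to the content:// guidance in the last paragraph, so the warning and the recommended fix read as one instruction.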