Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 3a8bfc97 authored by Jackal Guo's avatar Jackal Guo
Browse files

Honor app visibility when get MIME type from ContentProvider 

APIs getProviderMimeType and getProviderMimeTypeAsync from Activity-
ManagerService don't check whether the ContentProvider holder of the
given URI is visible to the callers.This leaves the possibility that
malicious code could do a side channel attack. Apply the visibility
check to mitigate this.

Bug: 185126503
Bug: 185126713
Test: atest CtsContentTestCases
Test: atest CtsProviderTestCases
Test: manually using the PoC in the buganizer to ensure the symptom
      no longer exists.
Test: manually testing with the repro steps in buganizer to ensure
      this CL doesn't break app cloning.
Change-Id: I07c906fb9abfefd15660e506de1c1a398b3b0819
parent e2a41d35
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment