Skip to content
Commit 3a8bfc97 authored by Jackal Guo's avatar Jackal Guo
Browse files

Honor app visibility when get MIME type from ContentProvider 

APIs getProviderMimeType and getProviderMimeTypeAsync from Activity-
ManagerService don't check whether the ContentProvider holder of the
given URI is visible to the callers.This leaves the possibility that
malicious code could do a side channel attack. Apply the visibility
check to mitigate this.

Bug: 185126503
Bug: 185126713
Test: atest CtsContentTestCases
Test: atest CtsProviderTestCases
Test: manually using the PoC in the buganizer to ensure the symptom
      no longer exists.
Test: manually testing with the repro steps in buganizer to ensure
      this CL doesn't break app cloning.
Change-Id: I07c906fb9abfefd15660e506de1c1a398b3b0819
parent e2a41d35
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment