Clear identity when deleting scanned entry.
Jeff Sharkey [Tue, 28 Jun 2016 16:07:48 +0000 (10:07 -0600)]
When deleting a file from DownloadManager, we also reach over and
clean up any scanned MediaStore entries.  However, DownloadManager
clients may not hold the WRITE_EXTERNAL_STORAGE permission, such as
when they downloaded a file into their package-specific directories.

The safest fix for now is to clear the calling identity and always
clean up the MediaStore entries ourselves, since DownloadProvider
always holds the required storage permission.

Bug: 29777504
Change-Id: Iea8f5696410010807b118bb56e5b897c53f0e1fe

src/com/android/providers/downloads/DownloadProvider.java

index 4b83cac..d30018f 100644 (file)
@@ -1229,8 +1229,13 @@ public final class DownloadProvider extends ContentProvider {
 
                         final String mediaUri = cursor.getString(2);
                         if (!TextUtils.isEmpty(mediaUri)) {
-                            getContext().getContentResolver().delete(Uri.parse(mediaUri), null,
-                                    null);
+                            final long token = Binder.clearCallingIdentity();
+                            try {
+                                getContext().getContentResolver().delete(Uri.parse(mediaUri), null,
+                                        null);
+                            } finally {
+                                Binder.restoreCallingIdentity(token);
+                            }
                         }
                     }
                 }
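
Review bot: the `delete()` inside the new `try` block now runs with DownloadProvider's own storage permission instead of the caller's, but nothing in this hunk checks what `Uri.parse(mediaUri)` points at before deleting it. The value comes straight from `cursor.getString(2)`, so if a client can influence that column, it can have the provider delete an entry the client could not delete itself. Please either confirm that the column is only ever written by the provider after a media scan, or verify before the delete that the parsed URI's authority is the MediaStore one and skip it otherwise. A short comment above `Binder.clearCallingIdentity()` saying why the identity is dropped here (callers may lack WRITE_EXTERNAL_STORAGE) would also help, since the reason is currently only in the commit message.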