summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--AndroidManifest.xml1
-rw-r--r--src/com/android/htmlviewer/FileContentProvider.java7
2 files changed, 8 insertions, 0 deletions
diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index ed0570b..e7398ec 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -38,6 +38,7 @@
</activity>
<provider android:name="FileContentProvider"
+ android:exported="false"
android:authorities="com.android.htmlfileprovider"
android:syncable="false" android:multiprocess="false"
android:grantUriPermissions="true" />
diff --git a/src/com/android/htmlviewer/FileContentProvider.java b/src/com/android/htmlviewer/FileContentProvider.java
index 1344819..2583b70 100644
--- a/src/com/android/htmlviewer/FileContentProvider.java
+++ b/src/com/android/htmlviewer/FileContentProvider.java
@@ -24,7 +24,9 @@ import android.content.ContentProvider;
import android.content.ContentValues;
import android.database.Cursor;
import android.net.Uri;
+import android.os.Binder;
import android.os.ParcelFileDescriptor;
+import android.os.Process;
/**
* WebView does not support file: loading. This class wraps a file load
@@ -47,6 +49,11 @@ public class FileContentProvider extends ContentProvider {
@Override
public ParcelFileDescriptor openFile(Uri uri, String mode) throws FileNotFoundException {
+ // android:exported="false" is broken in older releases so we have to
+ // manually enforce the calling identity.
+ if (Process.myUid() != Binder.getCallingUid()) {
+ throw new SecurityException("Permission denied");
+ }
if (!"r".equals(mode)) {
throw new FileNotFoundException("Bad mode for " + uri + ": " + mode);
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-16 01:32:02 +0000