)]}'
{"id":"LineageOS%2Fandroid_packages_providers_MediaProvider~408136","triplet_id":"LineageOS%2Fandroid_packages_providers_MediaProvider~lineage-20.0~I91e9966c012fe292cebc0b544f77032613516fac","project":"LineageOS/android_packages_providers_MediaProvider","branch":"lineage-20.0","topic":"T_asb_2024-11","attention_set":{},"removed_from_attention_set":{"15173":{"account":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"last_update":"2024-11-16 16:50:00.000000000","reason":"Change was submitted"}},"hashtags":[],"change_id":"I91e9966c012fe292cebc0b544f77032613516fac","subject":"Prevent apps from renaming files they don\u0027t own","status":"MERGED","created":"2024-11-08 17:28:38.000000000","updated":"2024-11-16 16:50:00.000000000","submitted":"2024-11-16 16:50:00.000000000","submitter":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"total_comment_count":0,"unresolved_comment_count":0,"has_review_started":true,"submission_id":"408136-T_asb_2024-11","meta_rev_id":"de0bab115b085377155af36437af87fb7232a522","_number":408136,"virtual_id_number":408136,"owner":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"actions":{},"labels":{"Verified":{"all":[{"value":0,"_account_id":13648,"name":"Bruno Martins","email":"bgcngm@gmail.com","username":"bgcngm","avatars":[{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},{"value":0,"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]}],"values":{"-1":"Fails"," 0":"No score","+1":"Verified"},"description":"","default_value":0},"Code-Review":{"approved":{"_account_id":13648,"name":"Bruno Martins","email":"bgcngm@gmail.com","username":"bgcngm","avatars":[{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"all":[{"value":2,"date":"2024-11-16 16:50:00.000000000","permitted_voting_range":{"min":2,"max":2},"_account_id":13648,"name":"Bruno Martins","email":"bgcngm@gmail.com","username":"bgcngm","avatars":[{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},{"value":0,"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]}],"values":{"-2":"Do not submit","-1":"I would prefer that you didn\u0027t submit this"," 0":"No score","+1":"Looks good to me, but someone else must approve","+2":"Looks good to me, approved"},"description":"","default_value":0},"CI":{"all":[{"value":0,"_account_id":13648,"name":"Bruno Martins","email":"bgcngm@gmail.com","username":"bgcngm","avatars":[{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},{"value":0,"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]}],"values":{"-1":"Fail"," 0":"No score","+1":"Pass"},"description":"","default_value":0,"optional":true}},"removable_reviewers":[],"reviewers":{"REVIEWER":[{"_account_id":13648,"name":"Bruno Martins","email":"bgcngm@gmail.com","username":"bgcngm","avatars":[{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]}]},"pending_reviewers":{},"reviewer_updates":[{"updated":"2024-11-16 16:26:37.000000000","updated_by":{"_account_id":13648,"name":"Bruno Martins","email":"bgcngm@gmail.com","username":"bgcngm","avatars":[{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"reviewer":{"_account_id":13648,"name":"Bruno Martins","email":"bgcngm@gmail.com","username":"bgcngm","avatars":[{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"state":"REVIEWER"}],"messages":[{"id":"9f0d5b52bbfcfd1d98298d6076aa29a9853b6b2f","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"date":"2024-11-08 17:28:38.000000000","message":"Uploaded patch set 1.","accounts_in_message":[],"_revision_number":1},{"id":"2a41526e1a8c02def0a5257cdda2c1bf101a668f","author":{"_account_id":13648,"name":"Bruno Martins","email":"bgcngm@gmail.com","username":"bgcngm","avatars":[{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"date":"2024-11-16 16:26:37.000000000","message":"Patch Set 1: Code-Review+2 Verified+1","accounts_in_message":[],"_revision_number":1},{"id":"de0bab115b085377155af36437af87fb7232a522","tag":"autogenerated:gerrit:merged","author":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"date":"2024-11-16 16:50:00.000000000","message":"Change has been successfully pushed.","accounts_in_message":[],"_revision_number":2}],"current_revision_number":2,"current_revision":"f29457e9e2b16fbd3d6b083d01cb52a155b05e3e","revisions":{"fbd14cc73244530a0cdff53d7f0a52740b96da85":{"kind":"REWORK","_number":1,"created":"2024-11-08 17:28:38.000000000","uploader":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"ref":"refs/changes/36/408136/1","fetch":{"anonymous http":{"url":"https://github.com/LineageOS/android_packages_providers_MediaProvider","ref":"refs/changes/36/408136/1","commands":{"Branch":"git fetch https://github.com/LineageOS/android_packages_providers_MediaProvider refs/changes/36/408136/1 \u0026\u0026 git checkout -b change-408136 FETCH_HEAD","Checkout":"git fetch https://github.com/LineageOS/android_packages_providers_MediaProvider refs/changes/36/408136/1 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://github.com/LineageOS/android_packages_providers_MediaProvider refs/changes/36/408136/1 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://github.com/LineageOS/android_packages_providers_MediaProvider refs/changes/36/408136/1 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://github.com/LineageOS/android_packages_providers_MediaProvider refs/changes/36/408136/1","Reset To":"git fetch https://github.com/LineageOS/android_packages_providers_MediaProvider refs/changes/36/408136/1 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"65a76a9ffe9f25f466bc37f5f888d98c46ee660b","subject":"Merge tag \u0027android-security-13.0.0_r19\u0027 into staging/lineage-20.0_android-security-13.0.0_r19","web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_providers_MediaProvider/commit/65a76a9ffe9f25f466bc37f5f888d98c46ee660b"}]}],"author":{"name":"Omar Eissa","email":"oeissa@google.com","date":"2024-08-27 13:24:21.000000000","tz":0},"committer":{"name":"Kevin F. Haggerty","email":"haggertk@lineageos.org","date":"2024-11-08 16:14:05.000000000","tz":-420},"subject":"Prevent apps from renaming files they don\u0027t own","message":"Prevent apps from renaming files they don\u0027t own\n\nMalicious apps could rename files in lower file system using\nMediaProvider.update even if they don\u0027t have access to such files. They\nweren\u0027t able to update the DB of MediaProvider, but by renaming such\nfiles they could create fake records in MediaProvider DB and then rename\nthe file to have the same name as their created record, which would\nallow them to access these files.\n\nIMAGES_MEDIA_ID, AUDIO_MEDIA_ID and VIDEO_MEDIA_ID URIs were already\nguaraded against this vulnerability and the aim of this fix to fix it\nfor all other Media URIs.\n\nBug: 304280682\nFlag: EXEMPT bug fix\nTest: Manual\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:5f5b837541c24b8ae5a624f0d3a60b2ad5e7a845)\nMerged-In: I91e9966c012fe292cebc0b544f77032613516fac\nChange-Id: I91e9966c012fe292cebc0b544f77032613516fac\n","web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_providers_MediaProvider/commit/fbd14cc73244530a0cdff53d7f0a52740b96da85"}],"resolve_conflicts_web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_providers_MediaProvider/commit/fbd14cc73244530a0cdff53d7f0a52740b96da85"}]},"branch":"refs/heads/lineage-20.0"},"f29457e9e2b16fbd3d6b083d01cb52a155b05e3e":{"kind":"TRIVIAL_REBASE","_number":2,"created":"2024-11-16 16:50:00.000000000","uploader":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"ref":"refs/changes/36/408136/2","fetch":{"anonymous http":{"url":"https://github.com/LineageOS/android_packages_providers_MediaProvider","ref":"refs/changes/36/408136/2","commands":{"Branch":"git fetch https://github.com/LineageOS/android_packages_providers_MediaProvider refs/changes/36/408136/2 \u0026\u0026 git checkout -b change-408136 FETCH_HEAD","Checkout":"git fetch https://github.com/LineageOS/android_packages_providers_MediaProvider refs/changes/36/408136/2 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://github.com/LineageOS/android_packages_providers_MediaProvider refs/changes/36/408136/2 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://github.com/LineageOS/android_packages_providers_MediaProvider refs/changes/36/408136/2 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://github.com/LineageOS/android_packages_providers_MediaProvider refs/changes/36/408136/2","Reset To":"git fetch https://github.com/LineageOS/android_packages_providers_MediaProvider refs/changes/36/408136/2 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"3830c940381797a7590f81edac9d4edc4313f3b4","subject":"Merge cherrypicks of [\u0027googleplex-android-review.googlesource.com/26967518\u0027] into security-aosp-tm-release.","web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_providers_MediaProvider/commit/3830c940381797a7590f81edac9d4edc4313f3b4"}]}],"author":{"name":"Omar Eissa","email":"oeissa@google.com","date":"2024-08-27 13:24:21.000000000","tz":0},"committer":{"name":"Android Build Coastguard Worker","email":"android-build-coastguard-worker@google.com","date":"2024-09-12 03:56:51.000000000","tz":0},"subject":"Prevent apps from renaming files they don\u0027t own","message":"Prevent apps from renaming files they don\u0027t own\n\nMalicious apps could rename files in lower file system using\nMediaProvider.update even if they don\u0027t have access to such files. They\nweren\u0027t able to update the DB of MediaProvider, but by renaming such\nfiles they could create fake records in MediaProvider DB and then rename\nthe file to have the same name as their created record, which would\nallow them to access these files.\n\nIMAGES_MEDIA_ID, AUDIO_MEDIA_ID and VIDEO_MEDIA_ID URIs were already\nguaraded against this vulnerability and the aim of this fix to fix it\nfor all other Media URIs.\n\nBug: 304280682\nFlag: EXEMPT bug fix\nTest: Manual\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:5f5b837541c24b8ae5a624f0d3a60b2ad5e7a845)\nMerged-In: I91e9966c012fe292cebc0b544f77032613516fac\nChange-Id: I91e9966c012fe292cebc0b544f77032613516fac\n","web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_providers_MediaProvider/commit/f29457e9e2b16fbd3d6b083d01cb52a155b05e3e"}],"resolve_conflicts_web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_providers_MediaProvider/commit/f29457e9e2b16fbd3d6b083d01cb52a155b05e3e"}]},"branch":"refs/heads/lineage-20.0"}},"requirements":[],"submit_records":[],"submit_requirements":[]}