| 344744b49633a7f8aa0c8e43469bbfcf9d8e2cab |
|
29-Jan-2016 |
Jeff Sharkey <jsharkey@android.com> |
Exposing file:// beyond your app is bad, m'kay?
For several releases now we've told developers that sharing raw files
between apps is a recipe for trouble. There are at least three major
problems with sending raw files:
-- Apps sending generic intents can't know who is at the other end,
so they may not have access to shared storage locations. This is
more likely now that runtime permissions require apps to explicitly
ask users for permission.
-- Apps making files in their private storage world-readable has been
deprecated for several releases, and now in N it's fully blocked. If
we let these intents through, the receiving app would fail to open
the file, when the real blame rests on the sending app.
-- Devices with user profiles can't share raw files when using
cross-profile intent filters, since filesystem access is fully
locked down between users.
The time has finally come to communicate clearly that if you're
sharing content between apps, you need to use content:// Uris. We
added the simple FileProvider several years ago to give apps a clean
way to migrate with minimal work on their part.
Bug: 26860922, 9069185
Change-Id: I075f627f6a0d6c7fca2c090ca133b9aae9801c64
/frameworks/base/core/java/android/os/FileUriExposedException.java
|