[Android] Reject call to ArtworkProvider from unknown sources
Nicolas Pomepuy
git at videolan.org
Thu May 7 08:19:58 UTC 2026
vlc-android | branch: master | Nicolas Pomepuy <nicolas at videolabs.io> | Tue Apr 14 14:58:03 2026 +0200| [671e24d0a6b1a892c050ab586a93412a6f5760ec] | committer: Nicolas Pomepuy
Reject call to ArtworkProvider from unknown sources
> https://code.videolan.org/videolan/vlc-android/commit/671e24d0a6b1a892c050ab586a93412a6f5760ec
---
application/vlc-android/src/org/videolan/vlc/ArtworkProvider.kt | 2 +-
application/vlc-android/src/org/videolan/vlc/util/AccessControl.kt | 5 +++++
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/application/vlc-android/src/org/videolan/vlc/ArtworkProvider.kt b/application/vlc-android/src/org/videolan/vlc/ArtworkProvider.kt
index fdd3f64369..e0dfb2526e 100644
--- a/application/vlc-android/src/org/videolan/vlc/ArtworkProvider.kt
+++ b/application/vlc-android/src/org/videolan/vlc/ArtworkProvider.kt
@@ -112,7 +112,7 @@ class ArtworkProvider : ContentProvider() {
override fun openFile(uri: Uri, mode: String): ParcelFileDescriptor? {
val callingUid = Binder.getCallingUid()
- AccessControl.logCaller(callingUid)
+ if (!AccessControl.isAuthorized(callingUid)) return null
val uriSegments = uri.pathSegments
if (uriSegments.isEmpty()) throw FileNotFoundException("Path is empty")
return try {
diff --git a/application/vlc-android/src/org/videolan/vlc/util/AccessControl.kt b/application/vlc-android/src/org/videolan/vlc/util/AccessControl.kt
index dd8f8e88c1..6dc1042fff 100644
--- a/application/vlc-android/src/org/videolan/vlc/util/AccessControl.kt
+++ b/application/vlc-android/src/org/videolan/vlc/util/AccessControl.kt
@@ -98,6 +98,11 @@ object AccessControl {
Log.i(TAG, "Access history: $callingUidChecked")
}
+ fun isAuthorized(callingUid: Int): Boolean {
+ logCaller(callingUid)
+ return callingUidChecked[callingUid]?.approved ?: false
+ }
+
fun getCallingPackage(ctx: Context, callingUid: Int, clientPackageName: String? = null): String? {
val packages = ctx.packageManager.getPackagesForUid(callingUid) ?: return null
val packageName = packages.firstOrNull()
More information about the Android
mailing list