diff options
author | Jakub Pawlowski <jpawlowski@google.com> | 2021-04-27 17:33:07 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2021-04-27 17:33:07 +0000 |
commit | f8ad321585c6461175ad9ca852a8243ec9ed23f9 (patch) | |
tree | 7f8d26781ba695ef6498874ec32cd93c31ee2e33 | |
parent | 79dae714ee3c8d3631b8d652f72a70b3c3138fa1 (diff) | |
parent | 5fd89df71e29571cde91c4a899939496002b2499 (diff) | |
download | Bluetooth-f8ad321585c6461175ad9ca852a8243ec9ed23f9.tar.gz |
Forbid content from MmsFileProvider in Bluetooth Share am: 5fd89df71e
Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Bluetooth/+/14296216
Change-Id: Ic113349e039670a03aafffc5e132289579f4811b
-rw-r--r-- | src/com/android/bluetooth/opp/BluetoothOppSendFileInfo.java | 6 | ||||
-rw-r--r-- | src/com/android/bluetooth/opp/BluetoothOppUtility.java | 7 |
2 files changed, 13 insertions, 0 deletions
diff --git a/src/com/android/bluetooth/opp/BluetoothOppSendFileInfo.java b/src/com/android/bluetooth/opp/BluetoothOppSendFileInfo.java index 6d7fe9586..641fed020 100644 --- a/src/com/android/bluetooth/opp/BluetoothOppSendFileInfo.java +++ b/src/com/android/bluetooth/opp/BluetoothOppSendFileInfo.java @@ -110,6 +110,12 @@ public class BluetoothOppSendFileInfo { // This will allow more 3rd party applications to share files via // bluetooth if ("content".equals(scheme)) { + if (fromExternal && BluetoothOppUtility.isForbiddenContent(uri)) { + EventLog.writeEvent(0x534e4554, "179910660", -1, uri.toString()); + Log.e(TAG, "Content from forbidden URI is not allowed."); + return SEND_FILE_INFO_ERROR; + } + contentType = contentResolver.getType(uri); Cursor metadataCursor; try { diff --git a/src/com/android/bluetooth/opp/BluetoothOppUtility.java b/src/com/android/bluetooth/opp/BluetoothOppUtility.java index 1b5cd59b4..6b1dcc2c9 100644 --- a/src/com/android/bluetooth/opp/BluetoothOppUtility.java +++ b/src/com/android/bluetooth/opp/BluetoothOppUtility.java @@ -410,6 +410,13 @@ public class BluetoothOppUtility { return isSameOrSubDirectory(Environment.getExternalStorageDirectory(), file); } + static boolean isForbiddenContent(Uri uri) { + if ("com.android.bluetooth.map.MmsFileProvider".equals(uri.getHost())) { + return true; + } + return false; + } + /** * Checks, whether the child directory is the same as, or a sub-directory of the base * directory. Neither base nor child should be null. |