Forbid content from MmsFileProvider in Bluetooth Share am: 5fd89df71e

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Bluetooth/+/14296216

Change-Id: Ic113349e039670a03aafffc5e132289579f4811b

2 files changed, 13 insertions, 0 deletions

diff --git a/src/com/android/bluetooth/opp/BluetoothOppSendFileInfo.java b/src/com/android/bluetooth/opp/BluetoothOppSendFileInfo.java
index 6d7fe9586..641fed020 100644
--- a/src/com/android/bluetooth/opp/BluetoothOppSendFileInfo.java
+++ b/src/com/android/bluetooth/opp/BluetoothOppSendFileInfo.java
@@ -110,6 +110,12 @@ public class BluetoothOppSendFileInfo {
         // This will allow more 3rd party applications to share files via
         // bluetooth
         if ("content".equals(scheme)) {
+            if (fromExternal && BluetoothOppUtility.isForbiddenContent(uri)) {
+                EventLog.writeEvent(0x534e4554, "179910660", -1, uri.toString());
+                Log.e(TAG, "Content from forbidden URI is not allowed.");
+                return SEND_FILE_INFO_ERROR;
+            }
+
             contentType = contentResolver.getType(uri);
             Cursor metadataCursor;
             try {
diff --git a/src/com/android/bluetooth/opp/BluetoothOppUtility.java b/src/com/android/bluetooth/opp/BluetoothOppUtility.java
index 1b5cd59b4..6b1dcc2c9 100644
--- a/src/com/android/bluetooth/opp/BluetoothOppUtility.java
+++ b/src/com/android/bluetooth/opp/BluetoothOppUtility.java
@@ -410,6 +410,13 @@ public class BluetoothOppUtility {
         return isSameOrSubDirectory(Environment.getExternalStorageDirectory(), file);
     }
 
+    static boolean isForbiddenContent(Uri uri) {
+        if ("com.android.bluetooth.map.MmsFileProvider".equals(uri.getHost())) {
+            return true;
+        }
+        return false;
+    }
+
     /**
      * Checks, whether the child directory is the same as, or a sub-directory of the base
      * directory. Neither base nor child should be null.