diff options
author | Bill Yi <byi@google.com> | 2014-04-29 11:34:23 -0700 |
---|---|---|
committer | Bill Yi <byi@google.com> | 2014-04-29 11:34:23 -0700 |
commit | c31a76c3dfcb2d5e5fc22dfcef03fe12835b074c (patch) | |
tree | 9d51bbcbc7ace00fadba6e851a14e579f4088b0f /src | |
parent | f4abb38e9ba7daeefedb24431dc71d9554164177 (diff) | |
parent | 4c1e2fb40bee6d3361b2d90a27493006f33f729b (diff) | |
download | Browser-c31a76c3dfcb2d5e5fc22dfcef03fe12835b074c.tar.gz |
Merge commit '4c1e2fb40bee6d3361b2d90a27493006f33f729b' into HEAD
Diffstat (limited to 'src')
-rw-r--r-- | src/com/android/browser/BrowserPreferencesPage.java | 15 | ||||
-rw-r--r-- | src/com/android/browser/IntentHandler.java | 7 | ||||
-rw-r--r-- | src/com/android/browser/Tab.java | 21 |
3 files changed, 43 insertions, 0 deletions
diff --git a/src/com/android/browser/BrowserPreferencesPage.java b/src/com/android/browser/BrowserPreferencesPage.java index 6e6da178..9b538e0a 100644 --- a/src/com/android/browser/BrowserPreferencesPage.java +++ b/src/com/android/browser/BrowserPreferencesPage.java @@ -25,7 +25,10 @@ import android.view.MenuItem; import com.android.browser.preferences.BandwidthPreferencesFragment; import com.android.browser.preferences.DebugPreferencesFragment; +import java.util.Arrays; +import java.util.HashSet; import java.util.List; +import java.util.Set; public class BrowserPreferencesPage extends PreferenceActivity { @@ -98,4 +101,16 @@ public class BrowserPreferencesPage extends PreferenceActivity { return intent; } + private static final Set<String> sKnownFragments = new HashSet<String>(Arrays.asList( + "com.android.browser.preferences.GeneralPreferencesFragment", + "com.android.browser.preferences.PrivacySecurityPreferencesFragment", + "com.android.browser.preferences.AccessibilityPreferencesFragment", + "com.android.browser.preferences.AdvancedPreferencesFragment", + "com.android.browser.preferences.BandwidthPreferencesFragment", + "com.android.browser.preferences.LabPreferencesFragment")); + + @Override + protected boolean isValidFragment(String fragmentName) { + return sKnownFragments.contains(fragmentName); + } } diff --git a/src/com/android/browser/IntentHandler.java b/src/com/android/browser/IntentHandler.java index 684cbba8..1b8dfc75 100644 --- a/src/com/android/browser/IntentHandler.java +++ b/src/com/android/browser/IntentHandler.java @@ -107,6 +107,13 @@ public class IntentHandler { urlData = new UrlData(mSettings.getHomePage()); } + // If url is to view private data files, don't allow. + Uri uri = intent.getData(); + if (uri != null && uri.getScheme().toLowerCase().startsWith("file") && + uri.getPath().startsWith(mActivity.getDatabasePath("foo").getParent())) { + return; + } + if (intent.getBooleanExtra(Browser.EXTRA_CREATE_NEW_TAB, false) || urlData.isPreloaded()) { Tab t = mController.openTab(urlData); diff --git a/src/com/android/browser/Tab.java b/src/com/android/browser/Tab.java index 026799b0..5d564a1f 100644 --- a/src/com/android/browser/Tab.java +++ b/src/com/android/browser/Tab.java @@ -69,6 +69,7 @@ import com.android.browser.TabControl.OnThumbnailUpdatedListener; import com.android.browser.homepages.HomeProvider; import com.android.browser.provider.SnapshotProvider.Snapshots; +import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.File; import java.io.IOException; @@ -98,6 +99,8 @@ class Tab implements PictureListener { private static final int CAPTURE_DELAY = 100; private static final int INITIAL_PROGRESS = 5; + private static final String RESTRICTED = "<html><body>not allowed</body></html>"; + private static Bitmap sDefaultFavicon; private static Paint sAlphaPaint = new Paint(); @@ -574,6 +577,24 @@ class Tab implements PictureListener { @Override public WebResourceResponse shouldInterceptRequest(WebView view, String url) { + Uri uri = Uri.parse(url); + if (uri.getScheme().toLowerCase().equals("file")) { + File file = new File(uri.getPath()); + try { + if (file.getCanonicalPath().startsWith( + mContext.getApplicationContext().getApplicationInfo().dataDir)) { + return new WebResourceResponse("text/html","UTF-8", + new ByteArrayInputStream(RESTRICTED.getBytes("UTF-8"))); + } + } catch (Exception ex) { + Log.e(LOGTAG, "Bad canonical path" + ex.toString()); + try { + return new WebResourceResponse("text/html","UTF-8", + new ByteArrayInputStream(RESTRICTED.getBytes("UTF-8"))); + } catch (java.io.UnsupportedEncodingException e) { + } + } + } WebResourceResponse res = HomeProvider.shouldInterceptRequest( mContext, url); return res; |