Merge commit '4c1e2fb40bee6d3361b2d90a27493006f33f729b' into HEAD

author: Bill Yi <byi@google.com> 2014-04-29 11:34:23 -0700
committer: Bill Yi <byi@google.com> 2014-04-29 11:34:23 -0700
commit: c31a76c3dfcb2d5e5fc22dfcef03fe12835b074c (patch)
tree: 9d51bbcbc7ace00fadba6e851a14e579f4088b0f /src
parent: f4abb38e9ba7daeefedb24431dc71d9554164177 (diff)
parent: 4c1e2fb40bee6d3361b2d90a27493006f33f729b (diff)
download: Browser-c31a76c3dfcb2d5e5fc22dfcef03fe12835b074c.tar.gz
3 files changed, 43 insertions, 0 deletions
diff --git a/src/com/android/browser/BrowserPreferencesPage.java b/src/com/android/browser/BrowserPreferencesPage.java
index 6e6da178..9b538e0a 100644
--- a/src/com/android/browser/BrowserPreferencesPage.java
+++ b/src/com/android/browser/BrowserPreferencesPage.java
@@ -25,7 +25,10 @@ import android.view.MenuItem;
 import com.android.browser.preferences.BandwidthPreferencesFragment;
 import com.android.browser.preferences.DebugPreferencesFragment;
 
+import java.util.Arrays;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
 
 public class BrowserPreferencesPage extends PreferenceActivity {
 
@@ -98,4 +101,16 @@ public class BrowserPreferencesPage extends PreferenceActivity {
         return intent;
     }
 
+    private static final Set<String> sKnownFragments = new HashSet<String>(Arrays.asList(
+            "com.android.browser.preferences.GeneralPreferencesFragment",
+            "com.android.browser.preferences.PrivacySecurityPreferencesFragment",
+            "com.android.browser.preferences.AccessibilityPreferencesFragment",
+            "com.android.browser.preferences.AdvancedPreferencesFragment",
+            "com.android.browser.preferences.BandwidthPreferencesFragment",
+            "com.android.browser.preferences.LabPreferencesFragment"));
+
+    @Override
+    protected boolean isValidFragment(String fragmentName) {
+        return sKnownFragments.contains(fragmentName);
+    }
 }
diff --git a/src/com/android/browser/IntentHandler.java b/src/com/android/browser/IntentHandler.java
index 684cbba8..1b8dfc75 100644
--- a/src/com/android/browser/IntentHandler.java
+++ b/src/com/android/browser/IntentHandler.java
@@ -107,6 +107,13 @@ public class IntentHandler {
                 urlData = new UrlData(mSettings.getHomePage());
             }
 
+            // If url is to view private data files, don't allow.
+            Uri uri = intent.getData();
+            if (uri != null && uri.getScheme().toLowerCase().startsWith("file") &&
+                uri.getPath().startsWith(mActivity.getDatabasePath("foo").getParent())) {
+                return;
+            }
+
             if (intent.getBooleanExtra(Browser.EXTRA_CREATE_NEW_TAB, false)
                   || urlData.isPreloaded()) {
                 Tab t = mController.openTab(urlData);
diff --git a/src/com/android/browser/Tab.java b/src/com/android/browser/Tab.java
index 026799b0..5d564a1f 100644
--- a/src/com/android/browser/Tab.java
+++ b/src/com/android/browser/Tab.java
@@ -69,6 +69,7 @@ import com.android.browser.TabControl.OnThumbnailUpdatedListener;
 import com.android.browser.homepages.HomeProvider;
 import com.android.browser.provider.SnapshotProvider.Snapshots;
 
+import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.File;
 import java.io.IOException;
@@ -98,6 +99,8 @@ class Tab implements PictureListener {
     private static final int CAPTURE_DELAY = 100;
     private static final int INITIAL_PROGRESS = 5;
 
+    private static final String RESTRICTED = "<html><body>not allowed</body></html>";
+
     private static Bitmap sDefaultFavicon;
 
     private static Paint sAlphaPaint = new Paint();
@@ -574,6 +577,24 @@ class Tab implements PictureListener {
         @Override
         public WebResourceResponse shouldInterceptRequest(WebView view,
                 String url) {
+            Uri uri = Uri.parse(url);
+            if (uri.getScheme().toLowerCase().equals("file")) {
+                File file = new File(uri.getPath());
+                try {
+                    if (file.getCanonicalPath().startsWith(
+                            mContext.getApplicationContext().getApplicationInfo().dataDir)) {
+                        return new WebResourceResponse("text/html","UTF-8",
+                                new ByteArrayInputStream(RESTRICTED.getBytes("UTF-8")));
+                    }
+                } catch (Exception ex) {
+                    Log.e(LOGTAG, "Bad canonical path" + ex.toString());
+                    try {
+                        return new WebResourceResponse("text/html","UTF-8",
+                                new ByteArrayInputStream(RESTRICTED.getBytes("UTF-8")));
+                    } catch (java.io.UnsupportedEncodingException e) {
+                    }
+                }
+            }
             WebResourceResponse res = HomeProvider.shouldInterceptRequest(
                     mContext, url);
             return res;
author	Bill Yi <byi@google.com>	2014-04-29 11:34:23 -0700
committer	Bill Yi <byi@google.com>	2014-04-29 11:34:23 -0700
commit	c31a76c3dfcb2d5e5fc22dfcef03fe12835b074c (patch)
tree	9d51bbcbc7ace00fadba6e851a14e579f4088b0f /src
parent	f4abb38e9ba7daeefedb24431dc71d9554164177 (diff)
parent	4c1e2fb40bee6d3361b2d90a27493006f33f729b (diff)
download	Browser-c31a76c3dfcb2d5e5fc22dfcef03fe12835b074c.tar.gz