Merge cherrypicks of [6738238, 6739193, 6738335, 6738239, 6739470, 6739471, 6738201, 6738202, 6738203, 6738204, 6738205, 6738206, 6738207, 6738208, 6738209, 6739510, 6739511, 6739512, 6739513, 6739514, 6739515, 6739516, 6738336, 6739517, 6739518, 6738416, 6738417, 6739472, 6739473, 6739519, 6739520, 6739071, 6739072, 6738695, 6738696, 6738697, 6738698, 6738699, 6738243, 6739521, 6738244, 6738153, 6738154, 6738155, 6738156, 6738157, 6738158, 6738159, 6738160, 6739522, 6739523] into nyc-bugfix-releaseandroid-7.0.0_r36 nougat-mr0.5-release

Change-Id: If4e5907d24ce1220e523d3b29686e48d37306e32
author: android-build-team Robot <android-build-team-robot@google.com> 2019-03-15 23:16:28 +0000
committer: android-build-team Robot <android-build-team-robot@google.com> 2019-03-15 23:16:28 +0000
commit: 1fe22b8afdd42ab22cee010779503a8c6b31bf9d (patch)
tree: edd2a24e3c6cd626bb83175954b6eb3148cfdbfa
parent: 06896b90ca0debd0db0e083e064e09f4b2a9d4e9 (diff)
parent: 6eab7baf8d0ad64b166ed49b20e15d8e153a9857 (diff)
download: Contacts-nougat-mr0.5-release.tar.gz
2 files changed, 67 insertions, 4 deletions
diff --git a/src/com/android/contacts/util/ContactPhotoUtils.java b/src/com/android/contacts/util/ContactPhotoUtils.java
index ce691c3b7..a80af7f20 100644
--- a/src/com/android/contacts/util/ContactPhotoUtils.java
+++ b/src/com/android/contacts/util/ContactPhotoUtils.java
@@ -18,19 +18,17 @@
 package com.android.contacts.util;
 
 import android.content.ClipData;
+import android.content.ContentResolver;
 import android.content.Context;
 import android.content.Intent;
 import android.graphics.Bitmap;
 import android.graphics.BitmapFactory;
 import android.net.Uri;
-import android.os.Environment;
 import android.provider.MediaStore;
 import android.support.v4.content.FileProvider;
 import android.util.Log;
-
 import com.android.contacts.R;
 import com.google.common.io.Closeables;
-
 import java.io.ByteArrayOutputStream;
 import java.io.File;
 import java.io.FileNotFoundException;
@@ -148,7 +146,7 @@ public class ContactPhotoUtils {
      */
     public static boolean savePhotoFromUriToUri(Context context, Uri inputUri, Uri outputUri,
             boolean deleteAfterSave) {
-        if (inputUri == null || outputUri == null) {
+        if (inputUri == null || outputUri == null || isFilePathAndNotStorage(inputUri)) {
             return false;
         }
         try (FileOutputStream outputStream = context.getContentResolver()
@@ -173,4 +171,20 @@ public class ContactPhotoUtils {
         }
         return true;
     }
+
+    /**
+     * Returns {@code true} if the {@code inputUri} is a FILE scheme and it does not point to
+     * the storage directory.
+     */
+    private static boolean isFilePathAndNotStorage(Uri inputUri) {
+        if (ContentResolver.SCHEME_FILE.equals(inputUri.getScheme())) {
+            try {
+                File file = new File(inputUri.getPath()).getCanonicalFile();
+                return !file.getCanonicalPath().startsWith("/storage/");
+            } catch (IOException e) {
+                return false;
+            }
+        }
+        return false;
+    }
 }
diff --git a/tests/src/com/android/contacts/util/ContactPhotoUtilsTest.java b/tests/src/com/android/contacts/util/ContactPhotoUtilsTest.java
new file mode 100644
index 000000000..d17b98c2d
--- /dev/null
+++ b/tests/src/com/android/contacts/util/ContactPhotoUtilsTest.java
@@ -0,0 +1,49 @@
+package com.android.contacts.util;
+
+import android.net.Uri;
+import android.test.AndroidTestCase;
+import android.test.suitebuilder.annotation.SmallTest;
+
+/**
+ * Test cases for {@link ContactPhotoUtils}.
+ *
+ * adb shell am instrument -w -e class com.android.contacts.util.ContactPhotoUtilsTest \
+ *   com.android.contacts.tests/android.test.InstrumentationTestRunner
+ */
+@SmallTest
+public class ContactPhotoUtilsTest extends AndroidTestCase {
+
+  private Uri tempUri;
+
+  @Override
+  protected void setUp() throws Exception {
+    tempUri = ContactPhotoUtils.generateTempImageUri(getContext());
+  }
+
+  protected void tearDown() throws Exception {
+    getContext().getContentResolver().delete(tempUri, null, null);
+  }
+
+  public void testFileUriDataPathFails() {
+    String filePath =
+        "file:///data/data/com.android.contacts/shared_prefs/com.android.contacts.xml";
+
+    assertFalse(
+        ContactPhotoUtils.savePhotoFromUriToUri(getContext(), Uri.parse(filePath), tempUri, false));
+  }
+
+  public void testFileUriCanonicalDataPathFails() {
+    String filePath =
+        "file:///storage/../data/data/com.android.contacts/shared_prefs/com.android.contacts.xml";
+
+    assertFalse(
+        ContactPhotoUtils.savePhotoFromUriToUri(getContext(), Uri.parse(filePath), tempUri, false));
+  }
+
+  public void testContentUriInternalPasses() {
+    Uri internal = ContactPhotoUtils.generateTempImageUri(getContext());
+
+    assertTrue(
+        ContactPhotoUtils.savePhotoFromUriToUri(getContext(), internal, tempUri, true));
+  }
+}
author	android-build-team Robot <android-build-team-robot@google.com>	2019-03-15 23:16:28 +0000
committer	android-build-team Robot <android-build-team-robot@google.com>	2019-03-15 23:16:28 +0000
commit	1fe22b8afdd42ab22cee010779503a8c6b31bf9d (patch)
tree	edd2a24e3c6cd626bb83175954b6eb3148cfdbfa
parent	06896b90ca0debd0db0e083e064e09f4b2a9d4e9 (diff)
parent	6eab7baf8d0ad64b166ed49b20e15d8e153a9857 (diff)
download	Contacts-nougat-mr0.5-release.tar.gz