author | Xin Li <delphij@google.com> | 2023-08-28 22:12:23 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2023-08-28 22:12:23 +0000 |
commit | 3f6a55895b0eadd858d992de52f79767e3d72e29 (patch) | |
tree | 1fb50112beadcba35b1f1d8ec658810fabee54f0 | |
parent | ebafd555591e9992115dc2b4ad3dc89d0bac9579 (diff) | |
parent | 47b43186679e1c6d34943bf8079d1f28caa9e4f8 (diff) | |
download | Gallery2-tmp_amf_298295554.tar.gz |
Merge "Merge Android U (ab/10368041)" into aosp-main-futuretmp_amf_298295554
3 files changed, 34 insertions, 5 deletions
diff --git a/src/com/android/gallery3d/data/MtpClient.java b/src/com/android/gallery3d/data/MtpClient.java index 737b5b60d..0b25bf975 100644 --- a/src/com/android/gallery3d/data/MtpClient.java +++ b/src/com/android/gallery3d/data/MtpClient.java @@ -172,7 +172,7 @@ public class MtpClient { filter.addAction(UsbManager.ACTION_USB_DEVICE_ATTACHED); filter.addAction(UsbManager.ACTION_USB_DEVICE_DETACHED); filter.addAction(ACTION_USB_PERMISSION); - context.registerReceiver(mUsbReceiver, filter); + context.registerReceiver(mUsbReceiver, filter, Context.RECEIVER_EXPORTED/*UNAUDITED*/); } /** diff --git a/src/com/android/gallery3d/filtershow/provider/SharedImageProvider.java b/src/com/android/gallery3d/filtershow/provider/SharedImageProvider.java index bc17a6e03..fc7ec608e 100644 --- a/src/com/android/gallery3d/filtershow/provider/SharedImageProvider.java +++ b/src/com/android/gallery3d/filtershow/provider/SharedImageProvider.java @@ -29,16 +29,20 @@ import android.provider.OpenableColumns; import java.io.File; import java.io.FileNotFoundException; +import java.io.IOException; public class SharedImageProvider extends ContentProvider { private static final String LOGTAG = "SharedImageProvider"; public static final String MIME_TYPE = "image/jpeg"; - public static final String AUTHORITY = "com.android.gallery3d.filtershow.provider.SharedImageProvider"; + public static final String AUTHORITY = + "com.android.gallery3d.filtershow.provider.SharedImageProvider"; public static final Uri CONTENT_URI = Uri.parse("content://" + AUTHORITY + "/image"); public static final String PREPARE = "prepare"; + public static String LOCAL_PATH = (new File(CONTENT_URI.getPath())).getAbsolutePath(); + private final String[] mMimeStreamType = { MIME_TYPE }; 
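Review bot: `Context.RECEIVER_EXPORTED` lets any app on the device deliver `ACTION_USB_PERMISSION` to `mUsbReceiver`, and the `/*UNAUDITED*/` marker indicates that this exposure has not been reviewed. The filter mixes that app-defined action with the two system USB actions, so the handler should not treat the arrival of the permission action as proof that access was granted; the handler is outside this hunk and needs checking. If the permission result only ever arrives through the app's own PendingIntent, `Context.RECEIVER_NOT_EXPORTED` is likely sufficient, since broadcasts from the system and from the app itself still reach non-exported receivers. The identical line in `src/com/android/gallery3d/ingest/data/MtpClient.java` needs the same audit.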
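Review bot: `LOCAL_PATH` is declared `public static` without `final`, so the prefix that the new path check relies on can be reassigned by any code in the process; it should be `private static final String LOCAL_PATH = ...`. It is also derived from `CONTENT_URI.getPath()`, which for a `content://AUTHORITY/image` URI is the URI path `/image` rather than a directory obtained from the filesystem. Whether that value names the directory where the shared image is actually written should be confirmed against the code that creates the file, which is not visible in this hunk.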
@@ -83,13 +87,14 @@ public class SharedImageProvider extends ContentProvider { } @Override - public Cursor query(Uri uri, String[] projection, String selection, String[] selectionArgs, String sortOrder) { + public Cursor query(Uri uri, String[] projection, String selection, String[] selectionArgs, + String sortOrder) { String uriPath = uri.getLastPathSegment(); if (uriPath == null) { return null; } if (projection == null) { - projection = new String[] { + projection = new String[]{ BaseColumns._ID, MediaStore.MediaColumns.DATA, OpenableColumns.DISPLAY_NAME, @@ -130,8 +135,32 @@ public class SharedImageProvider extends ContentProvider { // Here we need to block until the image is ready mImageReadyCond.block(); File path = new File(uriPath); + ensureValidImagePath(path); int imode = 0; imode |= ParcelFileDescriptor.MODE_READ_ONLY; return ParcelFileDescriptor.open(path, imode); } + + /** + * Ensure that the provided file path is part of the image directory. + * Prevent unauthorized access to other directories by path traversal. + * Throw security exception for paths outside the directory. + * + * @param path The path of the file to check. This path is expected to point to the image + * directory. + * @throws SecurityException Throws SecurityException if the path is not part of the image + * directory. + * @throws FileNotFoundException Throws FileNotFoundException if there is + * no file associated with the given URI. + */ + private void ensureValidImagePath(File path) throws FileNotFoundException { + try { + if (!path.getCanonicalPath().startsWith(LOCAL_PATH)) { + throw new SecurityException( + "The requested file path is not part of the image directory"); + } + } catch (IOException e) { + throw new FileNotFoundException(e.getMessage()); + } + } } diff --git a/src/com/android/gallery3d/ingest/data/MtpClient.java b/src/com/android/gallery3d/ingest/data/MtpClient.java index cc6c9ce07..3943a6d5c 100644 --- a/src/com/android/gallery3d/ingest/data/MtpClient.java 
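Review bot: The check `path.getCanonicalPath().startsWith(LOCAL_PATH)` in `ensureValidImagePath` is a plain string-prefix test, so a sibling path whose name merely begins with the same characters as the allowed directory passes it. It also compares a canonical path against `LOCAL_PATH`, which the class builds with `getAbsolutePath()` and is therefore not canonicalized. Canonicalize the base as well and compare with a trailing separator inside the existing `try`: `String base = new File(LOCAL_PATH).getCanonicalPath() + File.separator;` followed by `if (!path.getCanonicalPath().startsWith(base)) {`. In the `catch`, `new FileNotFoundException(e.getMessage())` drops the original `IOException`; attaching it with `initCause(e)` keeps the cause for diagnosis. The method that calls `ensureValidImagePath(path)` starts outside the hunk, so how `uriPath` is derived from the incoming URI could not be checked here.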
+++ b/src/com/android/gallery3d/ingest/data/MtpClient.java @@ -170,7 +170,7 @@ public class MtpClient { filter.addAction(UsbManager.ACTION_USB_DEVICE_ATTACHED); filter.addAction(UsbManager.ACTION_USB_DEVICE_DETACHED); filter.addAction(ACTION_USB_PERMISSION); - context.registerReceiver(mUsbReceiver, filter); + context.registerReceiver(mUsbReceiver, filter, Context.RECEIVER_EXPORTED/*UNAUDITED*/); } /** |