authorXin Li <delphij@google.com>2023-08-28 22:12:23 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>2023-08-28 22:12:23 +0000
commit3f6a55895b0eadd858d992de52f79767e3d72e29 (patch)
tree1fb50112beadcba35b1f1d8ec658810fabee54f0
parentebafd555591e9992115dc2b4ad3dc89d0bac9579 (diff)
parent47b43186679e1c6d34943bf8079d1f28caa9e4f8 (diff)
Merge "Merge Android U (ab/10368041)" into aosp-main-futuretmp_amf_298295554
-rw-r--r--src/com/android/gallery3d/data/MtpClient.java2
-rw-r--r--src/com/android/gallery3d/filtershow/provider/SharedImageProvider.java35
-rw-r--r--src/com/android/gallery3d/ingest/data/MtpClient.java2
3 files changed, 34 insertions, 5 deletions
diff --git a/src/com/android/gallery3d/data/MtpClient.java b/src/com/android/gallery3d/data/MtpClient.java
index 737b5b60d..0b25bf975 100644
--- a/src/com/android/gallery3d/data/MtpClient.java
+++ b/src/com/android/gallery3d/data/MtpClient.java
@@ -172,7 +172,7 @@ public class MtpClient {
filter.addAction(UsbManager.ACTION_USB_DEVICE_ATTACHED);
filter.addAction(UsbManager.ACTION_USB_DEVICE_DETACHED);
filter.addAction(ACTION_USB_PERMISSION);
- context.registerReceiver(mUsbReceiver, filter);
+ context.registerReceiver(mUsbReceiver, filter, Context.RECEIVER_EXPORTED/*UNAUDITED*/);
}
/**
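Review bot: `Context.RECEIVER_EXPORTED/*UNAUDITED*/` on the added `registerReceiver` line leaves `mUsbReceiver` open to broadcasts from any app on the device, and the marker itself says the flag was never reviewed. The filter built just above holds two system USB actions plus the app's own `ACTION_USB_PERMISSION`; if every expected sender is the system or this app, `context.registerReceiver(mUsbReceiver, filter, Context.RECEIVER_NOT_EXPORTED);` would be the narrower registration, though that should be confirmed against how the permission PendingIntent is delivered. If it has to stay exported, the receiver body (not visible here) should not trust the intent's extras without checking them. The identical line in `src/com/android/gallery3d/ingest/data/MtpClient.java` (hunk at -170,7) needs the same audit. The enclosing method begins outside the hunk.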
diff --git a/src/com/android/gallery3d/filtershow/provider/SharedImageProvider.java b/src/com/android/gallery3d/filtershow/provider/SharedImageProvider.java
index bc17a6e03..fc7ec608e 100644
--- a/src/com/android/gallery3d/filtershow/provider/SharedImageProvider.java
+++ b/src/com/android/gallery3d/filtershow/provider/SharedImageProvider.java
@@ -29,16 +29,20 @@ import android.provider.OpenableColumns;
import java.io.File;
import java.io.FileNotFoundException;
+import java.io.IOException;
public class SharedImageProvider extends ContentProvider {
private static final String LOGTAG = "SharedImageProvider";
public static final String MIME_TYPE = "image/jpeg";
- public static final String AUTHORITY = "com.android.gallery3d.filtershow.provider.SharedImageProvider";
+ public static final String AUTHORITY =
+ "com.android.gallery3d.filtershow.provider.SharedImageProvider";
public static final Uri CONTENT_URI = Uri.parse("content://" + AUTHORITY + "/image");
public static final String PREPARE = "prepare";
+ public static String LOCAL_PATH = (new File(CONTENT_URI.getPath())).getAbsolutePath();
+
private final String[] mMimeStreamType = {
MIME_TYPE
};
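Review bot: `LOCAL_PATH` is declared `public static String` without `final`, so the base path that the new traversal check depends on can be reassigned by any code that can reach the class. Nothing in this diff needs it public or mutable; `private static final String LOCAL_PATH = new File(CONTENT_URI.getPath()).getAbsolutePath();` keeps the reference value fixed. It is also built with `getAbsolutePath()` while the check compares it against `getCanonicalPath()`, so the two sides are normalised differently. A short comment on the field saying which directory it is meant to denote would help the next reader verify the guard.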
@@ -83,13 +87,14 @@ public class SharedImageProvider extends ContentProvider {
}
@Override
- public Cursor query(Uri uri, String[] projection, String selection, String[] selectionArgs, String sortOrder) {
+ public Cursor query(Uri uri, String[] projection, String selection, String[] selectionArgs,
+ String sortOrder) {
String uriPath = uri.getLastPathSegment();
if (uriPath == null) {
return null;
}
if (projection == null) {
- projection = new String[] {
+ projection = new String[]{
BaseColumns._ID,
MediaStore.MediaColumns.DATA,
OpenableColumns.DISPLAY_NAME,
@@ -130,8 +135,32 @@ public class SharedImageProvider extends ContentProvider {
// Here we need to block until the image is ready
mImageReadyCond.block();
File path = new File(uriPath);
+ ensureValidImagePath(path);
int imode = 0;
imode |= ParcelFileDescriptor.MODE_READ_ONLY;
return ParcelFileDescriptor.open(path, imode);
}
+
+ /**
+ * Ensure that the provided file path is part of the image directory.
+ * Prevent unauthorized access to other directories by path traversal.
+ * Throw security exception for paths outside the directory.
+ *
+ * @param path The path of the file to check. This path is expected to point to the image
+ * directory.
+ * @throws SecurityException Throws SecurityException if the path is not part of the image
+ * directory.
+ * @throws FileNotFoundException Throws FileNotFoundException if there is
+ * no file associated with the given URI.
+ */
+ private void ensureValidImagePath(File path) throws FileNotFoundException {
+ try {
+ if (!path.getCanonicalPath().startsWith(LOCAL_PATH)) {
+ throw new SecurityException(
+ "The requested file path is not part of the image directory");
+ }
+ } catch (IOException e) {
+ throw new FileNotFoundException(e.getMessage());
+ }
+ }
}
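Review bot: The guard in `ensureValidImagePath` uses a plain string `startsWith(LOCAL_PATH)`, which also accepts any sibling path whose name merely begins with the same characters as the image directory. Anchoring the prefix on a separator closes that gap: `if (!path.getCanonicalPath().startsWith(LOCAL_PATH + File.separator)) {`. The `catch` block keeps only `e.getMessage()`; since `FileNotFoundException` has no cause constructor, calling `initCause(e)` on the new exception before throwing it would preserve the original stack trace. The body of `openFile` starts outside the hunk, so how `uriPath` is derived there cannot be checked from here.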
diff --git a/src/com/android/gallery3d/ingest/data/MtpClient.java b/src/com/android/gallery3d/ingest/data/MtpClient.java
index cc6c9ce07..3943a6d5c 100644
--- a/src/com/android/gallery3d/ingest/data/MtpClient.java
+++ b/src/com/android/gallery3d/ingest/data/MtpClient.java
@@ -170,7 +170,7 @@ public class MtpClient {
filter.addAction(UsbManager.ACTION_USB_DEVICE_ATTACHED);
filter.addAction(UsbManager.ACTION_USB_DEVICE_DETACHED);
filter.addAction(ACTION_USB_PERMISSION);
- context.registerReceiver(mUsbReceiver, filter);
+ context.registerReceiver(mUsbReceiver, filter, Context.RECEIVER_EXPORTED/*UNAUDITED*/);
}
/**