diff options
author | Jake Klinker <jklinker@google.com> | 2023-05-10 01:52:58 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2023-05-10 01:52:58 +0000 |
commit | 5b110f95e9736d7a641c3eabc86f34c3f64e682d (patch) | |
tree | a155e64ce3dcc3ccfaf404c9743ebba74db544ae | |
parent | 6ac4faba3941b2b628e4506e625e0f82b1731fef (diff) | |
parent | 83d5883687919bf2c934f387facf6a7c96efb2d1 (diff) | |
download | Messaging-5b110f95e9736d7a641c3eabc86f34c3f64e682d.tar.gz |
Fix exposing private messages files through attachments with a content URI. am: 0d5452146c am: f5c73b1923 am: 83d5883687
Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Messaging/+/23089831
Change-Id: I37c232a6a57edc0cc0d069818787c8c77fe3d00e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r-- | src/com/android/messaging/util/FileUtil.java | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/src/com/android/messaging/util/FileUtil.java b/src/com/android/messaging/util/FileUtil.java index 71fbb4b..e7d86f2 100644 --- a/src/com/android/messaging/util/FileUtil.java +++ b/src/com/android/messaging/util/FileUtil.java @@ -20,6 +20,7 @@ import android.content.ContentResolver; import android.content.Context; import android.net.Uri; import android.os.Environment; +import android.os.ParcelFileDescriptor; import android.text.TextUtils; import com.android.messaging.Factory; @@ -28,6 +29,8 @@ import com.google.common.io.Files; import java.io.File; import java.io.IOException; +import java.nio.file.Path; +import java.nio.file.Paths; import java.text.SimpleDateFormat; import java.util.Date; import java.util.Locale; @@ -121,6 +124,10 @@ public class FileUtil { // We're told it's possible to create world readable hardlinks to other apps private data // so we ban all /data file uris. public static boolean isInPrivateDir(Uri uri) { + return isFileUriInPrivateDir(uri) || isContentUriInPrivateDir(uri); + } + + private static boolean isFileUriInPrivateDir(Uri uri) { if (!UriUtil.isFileUri(uri)) { return false; } @@ -128,6 +135,24 @@ public class FileUtil { return FileUtil.isSameOrSubDirectory(Environment.getDataDirectory(), file); } + private static boolean isContentUriInPrivateDir(Uri uri) { + if (!uri.getScheme().equals(ContentResolver.SCHEME_CONTENT)) { + return false; + } + try { + Context context = Factory.get().getApplicationContext(); + ParcelFileDescriptor pfd = context.getContentResolver().openFileDescriptor(uri, "r"); + int fd = pfd.getFd(); + // Use the file descriptor to find out the read file path through symbolic link. + Path fdPath = Paths.get("/proc/self/fd/" + fd); + Path filePath = java.nio.file.Files.readSymbolicLink(fdPath); + pfd.close(); + return FileUtil.isSameOrSubDirectory(Environment.getDataDirectory(), filePath.toFile()); + } catch (Exception e) { + return false; + } + } + /** * Checks, whether the child directory is the same as, or a sub-directory of the base * directory. |