diff options
| author | Presubmit Automerger Backend <android-build-presubmit-automerger-backend@system.gserviceaccount.com> | 2023-05-09 14:00:58 +0000 |
|---|---|---|
| committer | Presubmit Automerger Backend <android-build-presubmit-automerger-backend@system.gserviceaccount.com> | 2023-05-09 14:00:58 +0000 |
| commit | 749732f47bbdaec818ad2dd3a037f0c5bf91edb7 (patch) | |
| tree | a155e64ce3dcc3ccfaf404c9743ebba74db544ae | |
| parent | 6ac4faba3941b2b628e4506e625e0f82b1731fef (diff) | |
| parent | 471c3e93205919a8e597fc5bf5e98ac770422a2f (diff) | |
| download | Messaging-749732f47bbdaec818ad2dd3a037f0c5bf91edb7.tar.gz | |
[automerge] Fix exposing private messages files through attachments with a content URI. 2p: 0d5452146c 2p: 471c3e9320
Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Messaging/+/23089831
Bug: 275552292
Change-Id: I48af374ac45d21758789153013278d68290ee701
| -rw-r--r-- | src/com/android/messaging/util/FileUtil.java | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/src/com/android/messaging/util/FileUtil.java b/src/com/android/messaging/util/FileUtil.java index 71fbb4b..e7d86f2 100644 --- a/src/com/android/messaging/util/FileUtil.java +++ b/src/com/android/messaging/util/FileUtil.java @@ -20,6 +20,7 @@ import android.content.ContentResolver; import android.content.Context; import android.net.Uri; import android.os.Environment; +import android.os.ParcelFileDescriptor; import android.text.TextUtils; import com.android.messaging.Factory; @@ -28,6 +29,8 @@ import com.google.common.io.Files; import java.io.File; import java.io.IOException; +import java.nio.file.Path; +import java.nio.file.Paths; import java.text.SimpleDateFormat; import java.util.Date; import java.util.Locale; @@ -121,6 +124,10 @@ public class FileUtil { // We're told it's possible to create world readable hardlinks to other apps private data // so we ban all /data file uris. public static boolean isInPrivateDir(Uri uri) { + return isFileUriInPrivateDir(uri) || isContentUriInPrivateDir(uri); + } + + private static boolean isFileUriInPrivateDir(Uri uri) { if (!UriUtil.isFileUri(uri)) { return false; } @@ -128,6 +135,24 @@ public class FileUtil { return FileUtil.isSameOrSubDirectory(Environment.getDataDirectory(), file); } + private static boolean isContentUriInPrivateDir(Uri uri) { + if (!uri.getScheme().equals(ContentResolver.SCHEME_CONTENT)) { + return false; + } + try { + Context context = Factory.get().getApplicationContext(); + ParcelFileDescriptor pfd = context.getContentResolver().openFileDescriptor(uri, "r"); + int fd = pfd.getFd(); + // Use the file descriptor to find out the read file path through symbolic link. + Path fdPath = Paths.get("/proc/self/fd/" + fd); + Path filePath = java.nio.file.Files.readSymbolicLink(fdPath); + pfd.close(); + return FileUtil.isSameOrSubDirectory(Environment.getDataDirectory(), filePath.toFile()); + } catch (Exception e) { + return false; + } + } + /** * Checks, whether the child directory is the same as, or a sub-directory of the base * directory. |