diff options
Diffstat (limited to 'src/com/android/providers/contacts/CallLogProvider.java')
-rw-r--r-- | src/com/android/providers/contacts/CallLogProvider.java | 34 |
1 files changed, 28 insertions, 6 deletions
diff --git a/src/com/android/providers/contacts/CallLogProvider.java b/src/com/android/providers/contacts/CallLogProvider.java index c832e9b4..991413eb 100644 --- a/src/com/android/providers/contacts/CallLogProvider.java +++ b/src/com/android/providers/contacts/CallLogProvider.java @@ -52,12 +52,15 @@ import android.telecom.TelecomManager; import android.telephony.TelephonyManager; import android.text.TextUtils; import android.util.ArrayMap; +import android.util.EventLog; import android.util.Log; import com.android.internal.annotations.VisibleForTesting; import com.android.internal.util.ProviderAccessStats; import com.android.providers.contacts.CallLogDatabaseHelper.DbProperties; import com.android.providers.contacts.CallLogDatabaseHelper.Tables; +import com.android.providers.contacts.util.FileUtilities; +import com.android.providers.contacts.util.NeededForTesting; import com.android.providers.contacts.util.SelectionBuilder; import com.android.providers.contacts.util.UserUtils; @@ -651,6 +654,7 @@ public class CallLogProvider extends ContentProvider { throw new FileNotFoundException(uri.toString() + " does not correspond to a valid file."); } + enforceValidCallLogPath(callComposerDir, pictureFile,"openFile"); return ParcelFileDescriptor.open(pictureFile.toFile(), modeInt); } catch (IOException e) { Log.e(TAG, "IOException while opening call composer file: " + e); @@ -764,6 +768,8 @@ public class CallLogProvider extends ContentProvider { return null; } Path pathToFile = pathToCallComposerDir.resolve(fileName); + enforceValidCallLogPath(pathToCallComposerDir, pathToFile, + "allocateNewCallComposerPicture"); Files.createFile(pathToFile); if (forAllUsers) { @@ -777,10 +783,10 @@ public class CallLogProvider extends ContentProvider { private int deleteCallComposerPicture(Uri uri) { try { Path pathToCallComposerDir = getCallComposerPictureDirectory(getContext(), uri); - String fileName = uri.getLastPathSegment(); - boolean successfulDelete = - Files.deleteIfExists(pathToCallComposerDir.resolve(fileName)); - return successfulDelete ? 1 : 0; + Path fileToDelete = pathToCallComposerDir.resolve(uri.getLastPathSegment()); + enforceValidCallLogPath(pathToCallComposerDir, fileToDelete, + "deleteCallComposerPicture"); + return Files.deleteIfExists(fileToDelete) ? 1 : 0; } catch (IOException e) { Log.e(TAG, "IOException encountered deleting the call composer pics dir " + e); return 0; @@ -1045,8 +1051,9 @@ public class CallLogProvider extends ContentProvider { for (Uri uri : urisToCopy) { try { Uri uriWithUser = ContentProvider.maybeAddUserId(uri, sourceUserId); - Path newFilePath = getCallComposerPictureDirectory(getContext(), false) - .resolve(uri.getLastPathSegment()); + Path callComposerDir = getCallComposerPictureDirectory(getContext(), false); + Path newFilePath = callComposerDir.resolve(uri.getLastPathSegment()); + enforceValidCallLogPath(callComposerDir, newFilePath,"syncCallComposerPics"); try (ParcelFileDescriptor remoteFile = contentResolver.openFile(uriWithUser, "r", null); OutputStream localOut = @@ -1221,4 +1228,19 @@ public class CallLogProvider extends ContentProvider { public void dump(FileDescriptor fd, PrintWriter writer, String[] args) { mStats.dump(writer, " "); } + + /** + * Enforces a stricter check on what files the CallLogProvider can perform file operations on. + * @param rootPath where all valid new/existing paths should pass through. + * @param pathToCheck newly created path that is requesting a file op. (open, delete, etc.) + * @param callingMethod the calling method. Used only for debugging purposes. + */ + private void enforceValidCallLogPath(Path rootPath, Path pathToCheck, String callingMethod){ + if (!FileUtilities.isSameOrSubDirectory(rootPath.toFile(), pathToCheck.toFile())) { + EventLog.writeEvent(0x534e4554, "219015884", Binder.getCallingUid(), + (callingMethod + ": invalid uri passed")); + throw new SecurityException( + FileUtilities.INVALID_CALL_LOG_PATH_EXCEPTION_MESSAGE + pathToCheck); + } + } } |