Canonicalise path before extracting relative path

This helps us make accurate access checks on the given path. Bug: 228833816 Bug: 228450832 Test: atest FileUtilsTest Test: atest LegacyStorageHostTest Change-Id: Id620644ffdfe20e9281773e2e23851c56732dd11 Merged-In: Id620644ffdfe20e9281773e2e23851c56732dd11 (cherry picked from commit 93f5186e4b4a044e00a168c55e05fd3835033221)
author: Abhijeet Kaur <abkaur@google.com> 2022-11-23 08:47:27 +0000
committer: Abhijeet Kaur <abkaur@google.com> 2023-01-11 14:18:36 +0000
commit: 0f59f42685f186fd207355c01c580038436713ba (patch)
tree: f74e568626c466ef5b94aedc5fd4821612628f75
parent: 15d5403a297f56311ed4c241539c89a94a927563 (diff)
download: MediaProvider-0f59f42685f186fd207355c01c580038436713ba.tar.gz
2 files changed, 22 insertions, 0 deletions
diff --git a/src/com/android/providers/media/util/FileUtils.java b/src/com/android/providers/media/util/FileUtils.java
index 69b22e5b1..6a0496e61 100644
--- a/src/com/android/providers/media/util/FileUtils.java
+++ b/src/com/android/providers/media/util/FileUtils.java
@@ -957,7 +957,9 @@ public class FileUtils {
     }
 
     public static @Nullable String extractRelativePath(@Nullable String data) {
+        data = getCanonicalPath(data);
         if (data == null) return null;
+
         final Matcher matcher = PATTERN_RELATIVE_PATH.matcher(data);
         if (matcher.find()) {
             final int lastSlash = data.lastIndexOf('/');
@@ -1331,4 +1333,16 @@ public class FileUtils {
         }
         return status;
     }
+
+    @Nullable
+    private static String getCanonicalPath(@Nullable String path) {
+        if (path == null) return null;
+
+        try {
+            return new File(path).getCanonicalPath();
+        } catch (IOException e) {
+            Log.d(TAG, "Unable to get canonical path from invalid data path: " + path, e);
+            return null;
+        }
+    }
 }
diff --git a/tests/src/com/android/providers/media/util/FileUtilsTest.java b/tests/src/com/android/providers/media/util/FileUtilsTest.java
index 6b120c079..b6124e0d8 100644
--- a/tests/src/com/android/providers/media/util/FileUtilsTest.java
+++ b/tests/src/com/android/providers/media/util/FileUtilsTest.java
@@ -459,7 +459,15 @@ public class FileUtilsTest {
                     extractRelativePath(prefix + "DCIM/foo.jpg"));
             assertEquals("DCIM/My Vacation/",
                     extractRelativePath(prefix + "DCIM/My Vacation/foo.jpg"));
+            assertEquals("Pictures/",
+                    extractRelativePath(prefix + "DCIM/../Pictures/.//foo.jpg"));
+            assertEquals("/",
+                    extractRelativePath(prefix + "DCIM/Pictures/./..//..////foo.jpg"));
+            assertEquals("Android/data/",
+                    extractRelativePath(prefix + "DCIM/foo.jpg/.//../../Android/data/poc"));
         }
+
+        assertEquals(null, extractRelativePath("/sdcard/\\\u0000"));
     }
 
     @Test
author	Abhijeet Kaur <abkaur@google.com>	2022-11-23 08:47:27 +0000
committer	Abhijeet Kaur <abkaur@google.com>	2023-01-11 14:18:36 +0000
commit	0f59f42685f186fd207355c01c580038436713ba (patch)
tree	f74e568626c466ef5b94aedc5fd4821612628f75
parent	15d5403a297f56311ed4c241539c89a94a927563 (diff)
download	MediaProvider-0f59f42685f186fd207355c01c580038436713ba.tar.gz