authorTavis Bohne <tbohne@google.com>2016-04-28 14:03:37 -0700
committerTavis Bohne <tbohne@google.com>2016-04-29 14:39:59 -0700
commit30fb3385393aafd3463811f8e88e04a08b157f67 (patch)
tree278793d0e3679f7cf5f63e9e5ab7b5e3a384c281
parent7fe2fc9b2fa68bfcbabddaa96c04972bf5d297ba (diff)
Messaging doesn't allow sharing of its own files
-Previously, Messaging allowed sharing of any file it had permission to reach. This meant that bad apps could share a link to file:///data/data/com.android.messaging/databases/bugle_db and Messaging would happily send all this sensitive information to the target. Worse, a bad app could share a softlink to this file, where the symlink was picture.jpg with the image/jpg type. -Now, when sanitizing attachments, we make sure any filepaths don't lead to any Bugle-specific directories. -getApplicationInfo().dataDir is a symlink to /data/data/com.android.messaging, and appears to be the only directory where we store personal data. -Most apps share as contentUris, including Messaging, so Messaging can still share to itself. Change-Id: Ic464bc1f099029a030793c478aaf88b957d8bad1 Fixes:28076752
-rw-r--r--src/com/android/messaging/ui/conversationlist/ShareIntentActivity.java9
-rw-r--r--src/com/android/messaging/util/FileUtil.java17
2 files changed, 24 insertions, 2 deletions
diff --git a/src/com/android/messaging/ui/conversationlist/ShareIntentActivity.java b/src/com/android/messaging/ui/conversationlist/ShareIntentActivity.java
index ef7fcef..396f1da 100644
--- a/src/com/android/messaging/ui/conversationlist/ShareIntentActivity.java
+++ b/src/com/android/messaging/ui/conversationlist/ShareIntentActivity.java
@@ -34,6 +34,7 @@ import com.android.messaging.util.Assert;
import com.android.messaging.util.ContentType;
import com.android.messaging.util.LogUtil;
import com.android.messaging.util.MediaMetadataRetrieverWrapper;
+import com.android.messaging.util.FileUtil;
import java.io.IOException;
import java.util.ArrayList;
@@ -158,8 +159,12 @@ public class ShareIntentActivity extends BaseBugleActivity implements
}
private void addSharedImagePartToDraft(final String contentType, final Uri imageUri) {
- mDraftMessage.addPart(PendingAttachmentData.createPendingAttachmentData(contentType,
- imageUri));
+ if (FileUtil.isInPrivateDir(getBaseContext(), imageUri)) {
+ Assert.fail("Cannot send private file " + imageUri.toString());
+ } else {
+ mDraftMessage.addPart(PendingAttachmentData.createPendingAttachmentData(contentType,
+ imageUri));
+ }
}
@Override
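Review bot: In `addSharedImagePartToDraft`, a refused private file is reported through `Assert.fail(...)`, which treats an expected input-validation outcome as a broken invariant. `Assert.fail` is defined outside this hunk; if it throws in debug builds and only logs otherwise, a share intent from another app either crashes the activity or is dropped with no feedback to the user. I would log and return instead, along the lines of `LogUtil.w(LogUtil.BUGLE_TAG, "Refusing to attach file from private dir");`, and show the user a short message that the attachment was rejected. The guard sits only on this method, so any other path that adds attachments from an incoming intent (not visible here) needs the same `FileUtil.isInPrivateDir` check.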
diff --git a/src/com/android/messaging/util/FileUtil.java b/src/com/android/messaging/util/FileUtil.java
index 7c47ae9..f8051ed 100644
--- a/src/com/android/messaging/util/FileUtil.java
+++ b/src/com/android/messaging/util/FileUtil.java
@@ -16,7 +16,10 @@
package com.android.messaging.util;
+import android.content.ContentResolver;
import android.content.Context;
+import android.net.Uri;
+import android.text.TextUtils;
import android.webkit.MimeTypeMap;
import com.android.messaging.Factory;
@@ -116,6 +119,20 @@ public class FileUtil {
}
}
+ private static boolean isFileUri(final Uri uri) {
+ return TextUtils.equals(uri.getScheme(), ContentResolver.SCHEME_FILE);
+ }
+
+ // Checks if the file is in /data/data/com.android.messaging
+ // The other app folders are either symlinks to this, or hold non-private data like binaries.
+ public static boolean isInPrivateDir(Context context, Uri uri) {
+ if (!isFileUri(uri)) {
+ return false;
+ }
+ final File file = new File(uri.getPath());
+ return FileUtil.isSameOrSubDirectory(new File(context.getApplicationInfo().dataDir), file);
+ }
+
/**
* Checks, whether the child directory is the same as, or a sub-directory of the base
* directory.
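Review bot: `isInPrivateDir` only stops the symlink case from the commit description if `isSameOrSubDirectory` canonicalizes both paths. Its body is outside this hunk, so the comment above `isInPrivateDir` should state that dependency, e.g. `// Relies on isSameOrSubDirectory resolving symlinks (canonical paths) before comparing.` Even then the path is checked here and opened later, so a link retargeted in between would pass; re-validating where the attachment is actually opened would close that gap. `uri.getPath()` returns null for an opaque `file:` URI and `new File(null)` then throws, so a fail-closed guard is worth adding: `final String path = uri.getPath(); if (TextUtils.isEmpty(path)) { return true; }`. `isFileUri` also dereferences `uri` without a null check, which matters if callers can pass a missing stream extra.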