diff options
| author | Tavis Bohne <tbohne@google.com> | 2016-06-08 16:46:44 +0000 |
|---|---|---|
| committer | Android (Google) Code Review <android-gerrit@google.com> | 2016-06-08 16:46:45 +0000 |
| commit | 9de3ed279b308ff6209db2f74539494d60e81271 (patch) | |
| tree | ccf48c407eafde943c9d39f5a02ce8341f66ba36 | |
| parent | f1210c127a4288aa53ec8dd3936a0077c63022eb (diff) | |
| parent | 41f3b673f1f4b4071ef1af180a6397e1318885d3 (diff) | |
| download | android_packages_apps_Messaging-9de3ed279b308ff6209db2f74539494d60e81271.tar.gz android_packages_apps_Messaging-9de3ed279b308ff6209db2f74539494d60e81271.tar.bz2 android_packages_apps_Messaging-9de3ed279b308ff6209db2f74539494d60e81271.zip | |
Merge "Messenger refuses all file:///data/ uris" into nyc-dev
| -rw-r--r-- | src/com/android/messaging/ui/conversationlist/ShareIntentActivity.java | 2 | ||||
| -rw-r--r-- | src/com/android/messaging/util/FileUtil.java | 10 |
2 files changed, 7 insertions, 5 deletions
diff --git a/src/com/android/messaging/ui/conversationlist/ShareIntentActivity.java b/src/com/android/messaging/ui/conversationlist/ShareIntentActivity.java index 396f1da..83b7be9 100644 --- a/src/com/android/messaging/ui/conversationlist/ShareIntentActivity.java +++ b/src/com/android/messaging/ui/conversationlist/ShareIntentActivity.java @@ -159,7 +159,7 @@ public class ShareIntentActivity extends BaseBugleActivity implements } private void addSharedImagePartToDraft(final String contentType, final Uri imageUri) { - if (FileUtil.isInPrivateDir(getBaseContext(), imageUri)) { + if (FileUtil.isInPrivateDir(imageUri)) { Assert.fail("Cannot send private file " + imageUri.toString()); } else { mDraftMessage.addPart(PendingAttachmentData.createPendingAttachmentData(contentType, diff --git a/src/com/android/messaging/util/FileUtil.java b/src/com/android/messaging/util/FileUtil.java index f8051ed..e35e79b 100644 --- a/src/com/android/messaging/util/FileUtil.java +++ b/src/com/android/messaging/util/FileUtil.java @@ -19,6 +19,7 @@ package com.android.messaging.util; import android.content.ContentResolver; import android.content.Context; import android.net.Uri; +import android.os.Environment; import android.text.TextUtils; import android.webkit.MimeTypeMap; @@ -123,14 +124,15 @@ public class FileUtil { return TextUtils.equals(uri.getScheme(), ContentResolver.SCHEME_FILE); } - // Checks if the file is in /data/data/com.android.messaging - // The other app folders are either symlinks to this, or hold non-private data like binaries. - public static boolean isInPrivateDir(Context context, Uri uri) { + // Checks if the file is in /data, and don't allow any app to send personal information. + // We're told it's possible to create world readable hardlinks to other apps private data + // so we ban all /data file uris. + public static boolean isInPrivateDir(Uri uri) { if (!isFileUri(uri)) { return false; } final File file = new File(uri.getPath()); - return FileUtil.isSameOrSubDirectory(new File(context.getApplicationInfo().dataDir), file); + return FileUtil.isSameOrSubDirectory(Environment.getDataDirectory(), file); } /** |