diff options
author | Ruchi Kandoi <kandoiruchi@google.com> | 2017-06-02 15:01:27 -0700 |
---|---|---|
committer | Harry Youd <harry@harryyoud.co.uk> | 2017-09-20 20:04:03 +0000 |
commit | 1e1c537b8fedb73b07fc1cdbeebe535291fc448f (patch) | |
tree | a27eb3dd3b4b9c773f934154d6c0953d43c87b4a | |
parent | 0d2f1ccac4d38588e50aa525ccf9a131b612075f (diff) | |
download | android_packages_apps_Nfc-1e1c537b8fedb73b07fc1cdbeebe535291fc448f.tar.gz android_packages_apps_Nfc-1e1c537b8fedb73b07fc1cdbeebe535291fc448f.tar.bz2 android_packages_apps_Nfc-1e1c537b8fedb73b07fc1cdbeebe535291fc448f.zip |
Add READ_EXTERNAL_STORAGE for file based Uri while beaming.replicant-6.0-0003
Test: PoC application
Bug: 37287958
Change-Id: I7f5a2f32a053f0448726aec9f8b524f914c0d8df
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
(cherry picked from commit dc54140e12f441c9d7c1b5be5337d6b16bfa32e4)
CVE-2017-0784
-rw-r--r-- | src/com/android/nfc/BeamShareActivity.java | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/src/com/android/nfc/BeamShareActivity.java b/src/com/android/nfc/BeamShareActivity.java index cff601cf..6eb5d24b 100644 --- a/src/com/android/nfc/BeamShareActivity.java +++ b/src/com/android/nfc/BeamShareActivity.java @@ -19,6 +19,8 @@ package com.android.nfc; import java.util.ArrayList; import android.app.Activity; +import android.app.ActivityManager; +import android.app.ActivityManagerNative; import android.app.AlertDialog; import android.content.BroadcastReceiver; import android.content.Context; @@ -26,6 +28,7 @@ import android.content.DialogInterface; import android.content.ClipData; import android.content.Intent; import android.content.IntentFilter; +import android.content.pm.PackageManager; import android.net.Uri; import android.nfc.BeamShareData; import android.nfc.NdefMessage; @@ -33,8 +36,11 @@ import android.nfc.NdefRecord; import android.nfc.NfcAdapter; import android.os.Bundle; import android.os.UserHandle; +import android.os.RemoteException; import android.util.Log; +import android.util.EventLog; import android.webkit.URLUtil; +import android.Manifest.permission; import com.android.internal.R; @@ -196,16 +202,26 @@ public class BeamShareActivity extends Activity { int numValidUris = 0; for (Uri uri : mUris) { try { + int uid = ActivityManagerNative.getDefault().getLaunchedFromUid(getActivityToken()); + if (uri.getScheme().equalsIgnoreCase("file") && + getApplicationContext().checkPermission(permission.READ_EXTERNAL_STORAGE, -1, uid) != + PackageManager.PERMISSION_GRANTED) { + Log.e(TAG, "File based Uri doesn't have External Storage Permission."); + EventLog.writeEvent(0x534e4554, "37287958", uid, uri.getPath()); + break; + } grantUriPermission("com.android.nfc", uri, Intent.FLAG_GRANT_READ_URI_PERMISSION); uriArray[numValidUris++] = uri; if (DBG) Log.d(TAG, "Found uri: " + uri); } catch (SecurityException e) { Log.e(TAG, "Security exception granting uri permission to NFC process."); - numValidUris = 0; + break; + } catch (RemoteException e) { + Log.e(TAG, "Remote exception accessing uid of the calling process."); break; } } - if (numValidUris > 0) { + if (numValidUris != 0 && numValidUris == mUris.size()) { shareData = new BeamShareData(null, uriArray, myUserHandle, 0); } else { // No uris left |