diff options
author | Tavis Bohne <tbohne@google.com> | 2016-06-08 17:03:13 +0000 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2016-06-08 17:03:13 +0000 |
commit | d112c795ac1ce07d799f470cb8e7ec50efd3f340 (patch) | |
tree | ccf48c407eafde943c9d39f5a02ce8341f66ba36 | |
parent | 5159305b99d1b1e88687b4b17abb694fa884c8c2 (diff) | |
parent | 9de3ed279b308ff6209db2f74539494d60e81271 (diff) | |
download | android_packages_apps_Messaging-d112c795ac1ce07d799f470cb8e7ec50efd3f340.tar.gz android_packages_apps_Messaging-d112c795ac1ce07d799f470cb8e7ec50efd3f340.tar.bz2 android_packages_apps_Messaging-d112c795ac1ce07d799f470cb8e7ec50efd3f340.zip |
Merge \"Messenger refuses all file:///data/ uris\" into nyc-dev
am: 9de3ed279b
Change-Id: I2cd79e2d428e421b9159a9e7a665d536ee9b741b
-rw-r--r-- | src/com/android/messaging/ui/conversationlist/ShareIntentActivity.java | 2 | ||||
-rw-r--r-- | src/com/android/messaging/util/FileUtil.java | 10 |
2 files changed, 7 insertions, 5 deletions
diff --git a/src/com/android/messaging/ui/conversationlist/ShareIntentActivity.java b/src/com/android/messaging/ui/conversationlist/ShareIntentActivity.java index 396f1da..83b7be9 100644 --- a/src/com/android/messaging/ui/conversationlist/ShareIntentActivity.java +++ b/src/com/android/messaging/ui/conversationlist/ShareIntentActivity.java @@ -159,7 +159,7 @@ public class ShareIntentActivity extends BaseBugleActivity implements } private void addSharedImagePartToDraft(final String contentType, final Uri imageUri) { - if (FileUtil.isInPrivateDir(getBaseContext(), imageUri)) { + if (FileUtil.isInPrivateDir(imageUri)) { Assert.fail("Cannot send private file " + imageUri.toString()); } else { mDraftMessage.addPart(PendingAttachmentData.createPendingAttachmentData(contentType, diff --git a/src/com/android/messaging/util/FileUtil.java b/src/com/android/messaging/util/FileUtil.java index f8051ed..e35e79b 100644 --- a/src/com/android/messaging/util/FileUtil.java +++ b/src/com/android/messaging/util/FileUtil.java @@ -19,6 +19,7 @@ package com.android.messaging.util; import android.content.ContentResolver; import android.content.Context; import android.net.Uri; +import android.os.Environment; import android.text.TextUtils; import android.webkit.MimeTypeMap; @@ -123,14 +124,15 @@ public class FileUtil { return TextUtils.equals(uri.getScheme(), ContentResolver.SCHEME_FILE); } - // Checks if the file is in /data/data/com.android.messaging - // The other app folders are either symlinks to this, or hold non-private data like binaries. - public static boolean isInPrivateDir(Context context, Uri uri) { + // Checks if the file is in /data, and don't allow any app to send personal information. + // We're told it's possible to create world readable hardlinks to other apps private data + // so we ban all /data file uris. + public static boolean isInPrivateDir(Uri uri) { if (!isFileUri(uri)) { return false; } final File file = new File(uri.getPath()); - return FileUtil.isSameOrSubDirectory(new File(context.getApplicationInfo().dataDir), file); + return FileUtil.isSameOrSubDirectory(Environment.getDataDirectory(), file); } /** |