author | Ekin Oguz <ekinoguz@google.com> | 2016-11-28 14:02:08 -0800 |
---|---|---|
committer | Ekin Oguz <ekinoguz@google.com> | 2016-11-28 14:30:10 -0800 |
commit | 9edf71dbe4d1f7ffef90be9ea8b01e506cba41bd (patch) | |
tree | 950b8ed49bd3802c79b098cb102f2678a0fe5ab8 | |
parent | 21483a4a65a82563ed4248cef567f547c7446687 (diff) | |
Don't allow file attachment from /data through GET_CONTENT.
A custom picker can be used to attach files to Compose activity. With
this change, we are disallowing files belonging to file:///data/... to
be attached from custom pickers, in order not to expose internal
application data.
If the Intent Uri has the "file" scheme and the file is in
`Environment.getDataDirectory()`, then throw an AttachmentFailureException,
which is caught immediately and shows a toast to the user.
Details b/31494146#comment13
Fix b/32615212
Change-Id: Icb4ffa854eb2de547bbcd14db1bcf9efed24c804
-rw-r--r-- | src/com/android/mail/compose/ComposeActivity.java | 44 |
1 files changed, 27 insertions, 17 deletions
diff --git a/src/com/android/mail/compose/ComposeActivity.java b/src/com/android/mail/compose/ComposeActivity.java
index aa1b853b1..4c069c187 100644
--- a/src/com/android/mail/compose/ComposeActivity.java
+++ b/src/com/android/mail/compose/ComposeActivity.java
@@ -1586,23 +1586,7 @@ public class ComposeActivity extends Activity implements OnClickListener, OnNavi
 final Uri uri = Uri.parse(uriString);
 long size = 0;
 try {
- if ("file".equals(uri.getScheme())) {
- // We don't allow files from /data, since they can be hard-linked to
- // Email private data.
- final File file = new File(uri.getPath());
- try {
- final String filePath = file.getCanonicalPath();
- if (filePath.startsWith(DATA_DIRECTORY_ROOT)) {
- Analytics.getInstance().sendEvent(ANALYTICS_CATEGORY_ERRORS,
- "send_intent_attachment", "data_dir", 0);
- throw new AttachmentFailureException("Not allowed to attach "
- + "file:///data/[REDACTED] in application internal data");
- }
- } catch (IOException e) {
- throw new AttachmentFailureException("Failed to get file path", e);
- }
- }
-
+ checkInternalFile(uri);
 final Attachment a = mAttachmentsView.generateLocalAttachment(uri);
 size = mAttachmentsView.addAttachment(mAccount, a);
@@ -1717,6 +1701,7 @@ public class ComposeActivity extends Activity implements OnClickListener, OnNavi
 return;
 }
 try {
+ checkInternalFile(contentUri);
 addAttachmentAndUpdateView(mAttachmentsView.generateLocalAttachment(contentUri));
 } catch (AttachmentFailureException e) {
 LogUtils.e(LOG_TAG, e, "Error adding attachment");
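Review bot: Both call sites (`checkInternalFile(uri)` in the first hunk and `checkInternalFile(contentUri)` in the second) validate a path and then pass the same Uri to `generateLocalAttachment`, which presumably resolves it again when the attachment is read; that method and the enclosing methods lie outside these hunks. The check therefore only vouches for what the path resolved to at validation time, not for what is eventually opened. Consider validating the object that is actually opened (canonicalise once and attach from that resolved file, or check the opened descriptor). Until then, document the limit at both call sites with a comment such as `// Path check only: the Uri is resolved again when the attachment is opened.`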
@@ -1740,6 +1725,31 @@ public class ComposeActivity extends Activity implements OnClickListener, OnNavi
 }
 }
+ /**
+ * Checks whether {@code uri} is a file under private /data folder. We
+ * don't allow files from /data, since they can be hard-linked to Email
+ * private data.
+ *
+ * @param uri Uri of the resource which will be checked
+ * @throws AttachmentFailureException if {@code uri} is a file from /data
+ */
+ private void checkInternalFile(Uri uri) throws AttachmentFailureException {
+ if ("file".equals(uri.getScheme())) {
+ final File file = new File(uri.getPath());
+ try {
+ final String filePath = file.getCanonicalPath();
+ if (filePath.startsWith(DATA_DIRECTORY_ROOT)) {
+ Analytics.getInstance().sendEvent(ANALYTICS_CATEGORY_ERRORS,
+ "send_intent_attachment", "data_dir", 0);
+ throw new AttachmentFailureException("Not allowed to attach "
+ + "file:///data/[REDACTED] in application internal data");
+ }
+ } catch (IOException e) {
+ throw new AttachmentFailureException("Failed to get file path", e);
+ }
+ }
+ }
+
 void initRecipientsFromRefMessage(Message refMessage, int action) {
 // Don't populate the address if this is a forward.
 if (action == ComposeActivity.FORWARD) { |
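Review bot: `new File(uri.getPath())` in `checkInternalFile` throws NullPointerException when the Uri is a non-hierarchical `file:` Uri, because `getPath()` returns null there. The callers shown only catch AttachmentFailureException, so the failure would escape the toast path. A guard before the File is built keeps the failure in the handled path: `final String path = uri.getPath(); if (path == null) { throw new AttachmentFailureException("File uri has no path"); }`. Separately, `filePath.startsWith(DATA_DIRECTORY_ROOT)` is a plain string prefix test, so it also matches sibling names that merely begin with the same characters. That fails closed, but the intent would be clearer if the comparison were anchored on a path separator; the constant is defined outside this hunk, so confirm whether it already ends in one. The Javadoc should also say that only the `file` scheme is examined and that other schemes pass through unchecked.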