author | Ekin Oguz <ekinoguz@google.com> | 2016-12-05 23:28:14 +0000 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2016-12-05 23:28:14 +0000 |
commit | a75020d4c77f52b2b22742be7ca26c26766ebd90 (patch) | |
tree | e9dba5f58ac72c86e8ce6377c3e38660c0bbb6f6 | |
parent | 96d90945c6a9b7ac03661c75939fbaf18d2cd45b (diff) | |
parent | 71d106437296bc3a331c444c83d504c89c1465ba (diff) | |
Don't allow file attachment from /data through GET_CONTENT. am: 9edf71dbe4
am: 71d1064372
Change-Id: I07f79e61fee4320ddd823fc22c4c62b681eb9713
-rw-r--r-- | src/com/android/mail/compose/ComposeActivity.java | 44 |
1 files changed, 27 insertions, 17 deletions
diff --git a/src/com/android/mail/compose/ComposeActivity.java b/src/com/android/mail/compose/ComposeActivity.java
index aa1b853b1..4c069c187 100644
--- a/src/com/android/mail/compose/ComposeActivity.java
+++ b/src/com/android/mail/compose/ComposeActivity.java
@@ -1586,23 +1586,7 @@ public class ComposeActivity extends Activity implements OnClickListener, OnNavi
 final Uri uri = Uri.parse(uriString);
 long size = 0;
 try {
- if ("file".equals(uri.getScheme())) {
- // We don't allow files from /data, since they can be hard-linked to
- // Email private data.
- final File file = new File(uri.getPath());
- try {
- final String filePath = file.getCanonicalPath();
- if (filePath.startsWith(DATA_DIRECTORY_ROOT)) {
- Analytics.getInstance().sendEvent(ANALYTICS_CATEGORY_ERRORS,
- "send_intent_attachment", "data_dir", 0);
- throw new AttachmentFailureException("Not allowed to attach "
- + "file:///data/[REDACTED] in application internal data");
- }
- } catch (IOException e) {
- throw new AttachmentFailureException("Failed to get file path", e);
- }
- }
-
+ checkInternalFile(uri);
 final Attachment a = mAttachmentsView.generateLocalAttachment(uri);
 size = mAttachmentsView.addAttachment(mAccount, a);
@@ -1717,6 +1701,7 @@ public class ComposeActivity extends Activity implements OnClickListener, OnNavi
 return;
 }
 try {
+ checkInternalFile(contentUri);
 addAttachmentAndUpdateView(mAttachmentsView.generateLocalAttachment(contentUri));
 } catch (AttachmentFailureException e) {
 LogUtils.e(LOG_TAG, e, "Error adding attachment");
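Review bot: At both call sites (`checkInternalFile(uri)` in the first hunk and `checkInternalFile(contentUri)` here) the path is canonicalised and validated, and the attachment is then built from the same Uri by `generateLocalAttachment`, so the check and the eventual open are separate resolutions of the path. Whether the file is re-opened by path later is not visible in these hunks, but if it is, a path that changes between the two steps is never re-validated. Consider validating against the already-opened descriptor, or at minimum record the assumption with `// checkInternalFile validates the path only at this point; the later open must not re-resolve it`. Both enclosing methods start and end outside the hunks.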
@@ -1740,6 +1725,31 @@ public class ComposeActivity extends Activity implements OnClickListener, OnNavi
 }
 }
+ /**
+ * Checks whether {@code uri} is a file under private /data folder. We
+ * don't allow files from /data, since they can be hard-linked to Email
+ * private data.
+ *
+ * @param uri Uri of the resource which will be checked
+ * @throws AttachmentFailureException if {@code uri} is a file from /data
+ */
+ private void checkInternalFile(Uri uri) throws AttachmentFailureException {
+ if ("file".equals(uri.getScheme())) {
+ final File file = new File(uri.getPath());
+ try {
+ final String filePath = file.getCanonicalPath();
+ if (filePath.startsWith(DATA_DIRECTORY_ROOT)) {
+ Analytics.getInstance().sendEvent(ANALYTICS_CATEGORY_ERRORS,
+ "send_intent_attachment", "data_dir", 0);
+ throw new AttachmentFailureException("Not allowed to attach "
+ + "file:///data/[REDACTED] in application internal data");
+ }
+ } catch (IOException e) {
+ throw new AttachmentFailureException("Failed to get file path", e);
+ }
+ }
+ }
+
 void initRecipientsFromRefMessage(Message refMessage, int action) {
 // Don't populate the address if this is a forward.
 if (action == ComposeActivity.FORWARD) { |
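Review bot: `new File(uri.getPath())` in `checkInternalFile` receives a null path when the Uri is an opaque `file:` URI, and the resulting NullPointerException is not an `AttachmentFailureException`, so it escapes the callers' catch blocks instead of being handled as a rejected attachment. Guard it before constructing the File: `final String path = uri.getPath();` followed by `if (path == null) throw new AttachmentFailureException("Failed to get file path");`. The analytics label `"send_intent_attachment"` is now also emitted from the GET_CONTENT path, so the event no longer identifies which entry point was blocked; passing the label in would keep the telemetry useful. The Javadoc should also say that only `file` URIs are inspected, since a `content` URI that a provider backs with a file under /data is not covered by this check.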