DO NOT MERGE. Use resolved path when inserting and deleting.

am: 600d3afcc3 * commit '600d3afcc3cbe2a9c3f44eda66bec806709c20e8': DO NOT MERGE. Use resolved path when inserting and deleting.
author: Jeff Sharkey <jsharkey@android.com> 2016-02-18 19:36:41 +0000
committer: android-build-merger <android-build-merger@google.com> 2016-02-18 19:36:41 +0000
commit: dee8c810c8edbb90e43db69a4ed1b7d2ee375d07 (patch)
tree: 60177ae15d137d7bfe46adfda9ab41ffbf661fa8
parent: fdf77d88dca6e6ffa84b0c46dcc512d968fd5f0f (diff)
parent: 600d3afcc3cbe2a9c3f44eda66bec806709c20e8 (diff)
download: android_packages_providers_DownloadProvider-dee8c810c8edbb90e43db69a4ed1b7d2ee375d07.tar.gz
android_packages_providers_DownloadProvider-dee8c810c8edbb90e43db69a4ed1b7d2ee375d07.tar.bz2
android_packages_providers_DownloadProvider-dee8c810c8edbb90e43db69a4ed1b7d2ee375d07.zip
1 files changed, 15 insertions, 5 deletions
diff --git a/src/com/android/providers/downloads/DownloadProvider.java b/src/com/android/providers/downloads/DownloadProvider.java
index 620085fc..d9acc789 100644
--- a/src/com/android/providers/downloads/DownloadProvider.java
+++ b/src/com/android/providers/downloads/DownloadProvider.java
@@ -715,7 +715,13 @@ public final class DownloadProvider extends ContentProvider {
             throw new IllegalArgumentException("Invalid file URI: " + uri);
         }
 
-        final File file = new File(path);
+        final File file;
+        try {
+            file = new File(path).getCanonicalFile();
+        } catch (IOException e) {
+            throw new SecurityException(e);
+        }
+
         if (Helpers.isFilenameValidInExternalPackage(getContext(), file, getCallingPackage())) {
             // No permissions required for paths belonging to calling package
             return;
@@ -1191,10 +1197,14 @@ public final class DownloadProvider extends ContentProvider {
 
                         final String path = cursor.getString(1);
                         if (!TextUtils.isEmpty(path)) {
-                            final File file = new File(path);
-                            if (Helpers.isFilenameValid(getContext(), file)) {
-                                Log.v(Constants.TAG, "Deleting " + file + " via provider delete");
-                                file.delete();
+                            try {
+                                final File file = new File(path).getCanonicalFile();
+                                if (Helpers.isFilenameValid(getContext(), file)) {
+                                    Log.v(Constants.TAG,
+                                            "Deleting " + file + " via provider delete");
+                                    file.delete();
+                                }
+                            } catch (IOException ignored) {
                             }
                         }
                     }
author	Jeff Sharkey <jsharkey@android.com>	2016-02-18 19:36:41 +0000
committer	android-build-merger <android-build-merger@google.com>	2016-02-18 19:36:41 +0000
commit	dee8c810c8edbb90e43db69a4ed1b7d2ee375d07 (patch)
tree	60177ae15d137d7bfe46adfda9ab41ffbf661fa8
parent	fdf77d88dca6e6ffa84b0c46dcc512d968fd5f0f (diff)
parent	600d3afcc3cbe2a9c3f44eda66bec806709c20e8 (diff)
download	android_packages_providers_DownloadProvider-dee8c810c8edbb90e43db69a4ed1b7d2ee375d07.tar.gz android_packages_providers_DownloadProvider-dee8c810c8edbb90e43db69a4ed1b7d2ee375d07.tar.bz2 android_packages_providers_DownloadProvider-dee8c810c8edbb90e43db69a4ed1b7d2ee375d07.zip