author | Jeff Sharkey <jsharkey@android.com> | 2011-10-12 20:42:36 -0700 |
---|---|---|
committer | Android Git Automerger <android-git-automerger@android.com> | 2011-10-12 20:42:36 -0700 |
commit | abed26528caa6b3979bbeeabbd56cfb666b08686 (patch) | |
tree | f2328147eda9e40f609268caf2eea73c8efed169 | |
parent | 10582c142763fd0822466b2aa58930d39b7743fc (diff) | |
parent | 35b3fef25fc2509bb59371f0a1d2d2332db62487 (diff) | |
am 35b3fef2: Merge "Check canonical path when download requested."
* commit '35b3fef25fc2509bb59371f0a1d2d2332db62487':
Check canonical path when download requested.
-rw-r--r-- | src/com/android/providers/downloads/DownloadProvider.java | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/src/com/android/providers/downloads/DownloadProvider.java b/src/com/android/providers/downloads/DownloadProvider.java
index 6b4420f8..02e5d587 100644
--- a/src/com/android/providers/downloads/DownloadProvider.java
+++ b/src/com/android/providers/downloads/DownloadProvider.java
@@ -44,6 +44,7 @@ import com.google.common.annotations.VisibleForTesting;
 import java.io.File;
 import java.io.FileNotFoundException;
+import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashSet;
@@ -673,13 +674,18 @@ public final class DownloadProvider extends ContentProvider {
 if (scheme == null || !scheme.equals("file")) {
 throw new IllegalArgumentException("Not a file URI: " + uri);
 }
- String path = uri.getPath();
+ final String path = uri.getPath();
 if (path == null) {
 throw new IllegalArgumentException("Invalid file URI: " + uri);
 }
- String externalPath = Environment.getExternalStorageDirectory().getAbsolutePath();
- if (!path.startsWith(externalPath)) {
- throw new SecurityException("Destination must be on external storage: " + uri);
+ try {
+ final String canonicalPath = new File(path).getCanonicalPath();
+ final String externalPath = Environment.getExternalStorageDirectory().getAbsolutePath();
+ if (!canonicalPath.startsWith(externalPath)) {
+ throw new SecurityException("Destination must be on external storage: " + uri);
+ }
+ } catch (IOException e) {
+ throw new SecurityException("Problem resolving path: " + uri);
 }
 }
|
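Review bot: The new check `canonicalPath.startsWith(externalPath)` in the second hunk compares a canonicalized path against a prefix that is neither canonicalized nor terminated with a separator. `externalPath` still comes from `getAbsolutePath()`, so if the external storage directory is itself reached through a symlink the two strings are different spellings of the same location, and a bare string prefix also accepts a sibling directory whose name merely begins with the same characters. I would canonicalize both sides and anchor the prefix on a separator, e.g. `final String externalPath = Environment.getExternalStorageDirectory().getCanonicalPath() + File.separator;`, which already sits inside the `try`. The `catch` also discards the `IOException`; passing `e` as the cause of the `SecurityException` would keep the reason for the rejection in the logs. The enclosing method begins above the hunk, and whether the destination is validated again when the file is actually opened cannot be seen from here.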