diff options
author | Jessica Wagantall <jwagantall@cyngn.com> | 2016-04-05 12:00:53 -0700 |
---|---|---|
committer | Jessica Wagantall <jwagantall@cyngn.com> | 2016-04-05 12:00:53 -0700 |
commit | a782307281a2a71e0d71535c9fbf4d8f662b76cf (patch) | |
tree | 8d691aeb5cf605aaa9707dc23a66266b65d19cb6 | |
parent | ed04a8afbff566728c36806ef012378889267d7b (diff) | |
parent | 408917ea08165874edc2354e61cd6d5c2c95cea4 (diff) | |
download | android_packages_providers_DownloadProvider-a782307281a2a71e0d71535c9fbf4d8f662b76cf.tar.gz android_packages_providers_DownloadProvider-a782307281a2a71e0d71535c9fbf4d8f662b76cf.tar.bz2 android_packages_providers_DownloadProvider-a782307281a2a71e0d71535c9fbf4d8f662b76cf.zip |
Merge tag 'android-6.0.1_r24' into HEAD
Ticket: CYNGNOS-2213
Android 6.0.1 release 24
-rw-r--r-- | src/com/android/providers/downloads/DownloadProvider.java | 30 | ||||
-rw-r--r-- | src/com/android/providers/downloads/Helpers.java | 4 |
2 files changed, 23 insertions, 11 deletions
diff --git a/src/com/android/providers/downloads/DownloadProvider.java b/src/com/android/providers/downloads/DownloadProvider.java index 94e5a997..d9acc789 100644 --- a/src/com/android/providers/downloads/DownloadProvider.java +++ b/src/com/android/providers/downloads/DownloadProvider.java @@ -715,7 +715,13 @@ public final class DownloadProvider extends ContentProvider { throw new IllegalArgumentException("Invalid file URI: " + uri); } - final File file = new File(path); + final File file; + try { + file = new File(path).getCanonicalFile(); + } catch (IOException e) { + throw new SecurityException(e); + } + if (Helpers.isFilenameValidInExternalPackage(getContext(), file, getCallingPackage())) { // No permissions required for paths belonging to calling package return; @@ -1191,10 +1197,14 @@ public final class DownloadProvider extends ContentProvider { final String path = cursor.getString(1); if (!TextUtils.isEmpty(path)) { - final File file = new File(path); - if (Helpers.isFilenameValid(getContext(), file)) { - Log.v(Constants.TAG, "Deleting " + file + " via provider delete"); - file.delete(); + try { + final File file = new File(path).getCanonicalFile(); + if (Helpers.isFilenameValid(getContext(), file)) { + Log.v(Constants.TAG, + "Deleting " + file + " via provider delete"); + file.delete(); + } + } catch (IOException ignored) { } } } @@ -1260,9 +1270,15 @@ public final class DownloadProvider extends ContentProvider { throw new FileNotFoundException("No filename found."); } - final File file = new File(path); + final File file; + try { + file = new File(path).getCanonicalFile(); + } catch (IOException e) { + throw new FileNotFoundException(e.getMessage()); + } + if (!Helpers.isFilenameValid(getContext(), file)) { - throw new FileNotFoundException("Invalid file: " + file); + throw new FileNotFoundException("Invalid file path: " + file); } final int pfdMode = ParcelFileDescriptor.parseMode(mode); diff --git a/src/com/android/providers/downloads/Helpers.java b/src/com/android/providers/downloads/Helpers.java index d1cc5450..d01cbff2 100644 --- a/src/com/android/providers/downloads/Helpers.java +++ b/src/com/android/providers/downloads/Helpers.java @@ -357,8 +357,6 @@ public class Helpers { static boolean isFilenameValidInExternalPackage(Context context, File file, String packageName) { try { - file = file.getCanonicalFile(); - if (containsCanonical(buildExternalStorageAppFilesDirs(packageName), file) || containsCanonical(buildExternalStorageAppObbDirs(packageName), file) || containsCanonical(buildExternalStorageAppCacheDirs(packageName), file) || @@ -380,8 +378,6 @@ public class Helpers { */ static boolean isFilenameValid(Context context, File file, boolean allowInternal) { try { - file = file.getCanonicalFile(); - if (allowInternal) { if (containsCanonical(context.getFilesDir(), file) || containsCanonical(context.getCacheDir(), file) |