authorJeff Sharkey <jsharkey@android.com>2016-01-07 14:15:59 -0700
committerSteadyQuad <SteadyQuad@gmail.com>2016-04-17 02:57:22 +0200
commit32e542594c7dcdab5df96ff2edcf90f083d57ef4 (patch)
treebcc71ea4e10f98eed0c6832d5114684ca6892848 /src/com/android/providers/downloads/DownloadProvider.java
parent078607f9d636abf552ce851c896f2d95503a37e0 (diff)
Merge conflict--DO NOT MERGE. Use resolved path for both checking and opening.
This avoids a race condition where someone can change a symlink target after the security checks have passed. Bug: 26211054 Change-Id: I0dcc41c94dfede2d5dc75031191605944be2e595
Diffstat (limited to 'src/com/android/providers/downloads/DownloadProvider.java')
-rw-r--r--src/com/android/providers/downloads/DownloadProvider.java14
1 files changed, 10 insertions, 4 deletions
diff --git a/src/com/android/providers/downloads/DownloadProvider.java b/src/com/android/providers/downloads/DownloadProvider.java
index 25d59014..5995a083 100644
--- a/src/com/android/providers/downloads/DownloadProvider.java
+++ b/src/com/android/providers/downloads/DownloadProvider.java
@@ -875,7 +875,7 @@ public final class DownloadProvider extends ContentProvider {
if (projection == null) {
projection = sAppReadableColumnsArray.clone();
} else {
- // check the validity of the columns in projection
+ // check the validity of the columns in projection
for (int i = 0; i < projection.length; ++i) {
if (!sAppReadableColumnsSet.contains(projection[i]) &&
!downloadManagerColumnsList.contains(projection[i])) {
@@ -1221,11 +1221,17 @@ public final class DownloadProvider extends ContentProvider {
if (path == null) {
throw new FileNotFoundException("No filename found.");
}
- if (!Helpers.isFilenameValid(getContext(), path, mDownloadsDataDir)) {
- throw new FileNotFoundException("Invalid filename: " + path);
+
+ final File file;
+ try {
+ file = new File(path).getCanonicalFile();
+ } catch (IOException e) {
+ throw new FileNotFoundException(e.getMessage());
}
- final File file = new File(path);
+ if (!Helpers.isFilenameValid(getContext(), file)) {
+ throw new FileNotFoundException("Invalid file path: " + file);
+ }
if ("r".equals(mode)) {
return ParcelFileDescriptor.open(file, ParcelFileDescriptor.MODE_READ_ONLY);
} else {
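Review bot: The check and the open are still two separate path resolutions: `getCanonicalFile()` only returns a path string, and `ParcelFileDescriptor.open(file, ...)` walks that path again, so a component replaced by a symlink between the two calls would not be seen by `Helpers.isFilenameValid`. Whether that is reachable depends on who can write to the parent directories, which this hunk does not show. I would at least record the assumption above the open, e.g. `// canonical path is re-resolved by open(); relies on parent dirs not being writable by untrusted callers`, and consider validating the opened descriptor rather than the path. Separately, `throw new FileNotFoundException(e.getMessage());` drops the underlying IOException, and chaining it with `initCause(e)` would keep it for diagnostics. The enclosing method begins and ends outside the hunk.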