diff options
author | Jeff Sharkey <jsharkey@google.com> | 2016-02-18 19:28:31 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2016-02-18 19:28:31 +0000 |
commit | 102cab3e7deee3392a4d4bf818fabc527db0a222 (patch) | |
tree | 46b64325238195b97cd78a6cd3c67856ce1ddc97 /src/com/android/providers/downloads/DownloadProvider.java | |
parent | b24f46b8ae97d6c947a93bd1660a366d9d143438 (diff) | |
parent | c0b05b37d7af47455c54fdd0dac4c39f2cf8e5dd (diff) | |
download | android_packages_providers_DownloadProvider-102cab3e7deee3392a4d4bf818fabc527db0a222.tar.gz android_packages_providers_DownloadProvider-102cab3e7deee3392a4d4bf818fabc527db0a222.tar.bz2 android_packages_providers_DownloadProvider-102cab3e7deee3392a4d4bf818fabc527db0a222.zip |
Merge "DO NOT MERGE. Use resolved path when inserting and deleting." into mnc-dr1.5-dev
Diffstat (limited to 'src/com/android/providers/downloads/DownloadProvider.java')
-rw-r--r-- | src/com/android/providers/downloads/DownloadProvider.java | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/src/com/android/providers/downloads/DownloadProvider.java b/src/com/android/providers/downloads/DownloadProvider.java index 94e5a997..e79aff5f 100644 --- a/src/com/android/providers/downloads/DownloadProvider.java +++ b/src/com/android/providers/downloads/DownloadProvider.java @@ -715,7 +715,13 @@ public final class DownloadProvider extends ContentProvider { throw new IllegalArgumentException("Invalid file URI: " + uri); } - final File file = new File(path); + final File file; + try { + file = new File(path).getCanonicalFile(); + } catch (IOException e) { + throw new SecurityException(e); + } + if (Helpers.isFilenameValidInExternalPackage(getContext(), file, getCallingPackage())) { // No permissions required for paths belonging to calling package return; @@ -1191,10 +1197,14 @@ public final class DownloadProvider extends ContentProvider { final String path = cursor.getString(1); if (!TextUtils.isEmpty(path)) { - final File file = new File(path); - if (Helpers.isFilenameValid(getContext(), file)) { - Log.v(Constants.TAG, "Deleting " + file + " via provider delete"); - file.delete(); + try { + final File file = new File(path).getCanonicalFile(); + if (Helpers.isFilenameValid(getContext(), file)) { + Log.v(Constants.TAG, + "Deleting " + file + " via provider delete"); + file.delete(); + } + } catch (IOException ignored) { } } } |