diff options
author | Jeff Sharkey <jsharkey@android.com> | 2016-01-07 14:15:59 -0700 |
---|---|---|
committer | Jeff Sharkey <jsharkey@android.com> | 2016-01-14 14:17:30 -0700 |
commit | bdc831357e7a116bc561d51bf2ddc85ff11c01a9 (patch) | |
tree | ae8fe48bbc79c0a044dc0624f6f30d09b11bc0f4 /src/com/android/providers/downloads/Helpers.java | |
parent | f3679d0367cd8a0e72875800decf9f63033645a0 (diff) | |
download | android_packages_providers_DownloadProvider-bdc831357e7a116bc561d51bf2ddc85ff11c01a9.tar.gz android_packages_providers_DownloadProvider-bdc831357e7a116bc561d51bf2ddc85ff11c01a9.tar.bz2 android_packages_providers_DownloadProvider-bdc831357e7a116bc561d51bf2ddc85ff11c01a9.zip |
Use resolved path for both checking and opening.
This avoids a race condition where someone can change a symlink
target after the security checks have passed.
Bug: 26211054
Change-Id: I5842aaecc7b7d417a3b1902957b59b8a1f3c1ccb
Diffstat (limited to 'src/com/android/providers/downloads/Helpers.java')
-rw-r--r-- | src/com/android/providers/downloads/Helpers.java | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/src/com/android/providers/downloads/Helpers.java b/src/com/android/providers/downloads/Helpers.java index 0aa49c0a..1b4c911e 100644 --- a/src/com/android/providers/downloads/Helpers.java +++ b/src/com/android/providers/downloads/Helpers.java @@ -341,7 +341,6 @@ public class Helpers { static boolean isFilenameValid(Context context, File file) { final File[] whitelist; try { - file = file.getCanonicalFile(); whitelist = new File[] { context.getFilesDir().getCanonicalFile(), context.getCacheDir().getCanonicalFile(), |