From e1a64ef38f1effbe99cc8149cb2706df0f1f5916 Mon Sep 17 00:00:00 2001
From: Jeff Sharkey
Date: Wed, 25 Sep 2013 14:19:04 -0700
Subject: Always check against canonical paths.

Bug: 10920351
Change-Id: I8c7e5344d9fd9d15565eaf93b91ce457a98ab98c
---
 src/com/android/providers/downloads/Helpers.java | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/src/com/android/providers/downloads/Helpers.java b/src/com/android/providers/downloads/Helpers.java
index aa763de2..013faf27 100644
--- a/src/com/android/providers/downloads/Helpers.java
+++ b/src/com/android/providers/downloads/Helpers.java
@@ -344,16 +344,26 @@ public class Helpers {
 * Checks whether the filename looks legitimate
 */
 static boolean isFilenameValid(String filename, File downloadsDataDir) {
+ final String[] whitelist;
 try {
 filename = new File(filename).getCanonicalPath();
+ whitelist = new String[] {
+ downloadsDataDir.getCanonicalPath(),
+ Environment.getDownloadCacheDirectory().getCanonicalPath(),
+ Environment.getExternalStorageDirectory().getCanonicalPath(),
+ };
 } catch (IOException e) {
 Log.w(TAG, "Failed to resolve canonical path: " + e);
 return false;
 }
 
- return filename.startsWith(Environment.getDownloadCacheDirectory().toString())
- || filename.startsWith(downloadsDataDir.toString())
- || filename.startsWith(Environment.getExternalStorageDirectory().toString());
+ for (String test : whitelist) {
+ if (filename.startsWith(test)) {
+ return true;
+ }
+ }
+
+ return false;
 }
 
 /**
-- 
cgit v1.2.3
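Review bot: The `filename.startsWith(test)` check in the new loop is a raw string-prefix comparison, so a canonical path in a sibling directory whose name merely begins with an allowed root's name (constructed example: `<root>-other/file` against `<root>`) is still accepted. Canonicalising both sides handles `..` segments and symlinks, but the match also needs a path-component boundary, for example `if (filename.equals(test) || filename.startsWith(test + File.separator)) {`. The result is also only valid at the moment of the check; callers are not visible in this hunk, so a short Javadoc line such as `Callers must open the file promptly; the path is not re-validated after this returns.` would make that limit explicit.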