diff options
author | Brad Ebinger <breadley@google.com> | 2016-10-14 17:47:27 +0000 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2016-10-14 17:47:27 +0000 |
commit | 8b1086eb4b8c79a7bb92306d76c4e1a4ae512af9 (patch) | |
tree | eede7a75db4946facbc91858e55f33659abc8cf6 /sip | |
parent | acc453be16667295c18dff9c7caf01ca97839d08 (diff) | |
parent | 52823033626ee55474d942d5b9ea24e0f07dbb66 (diff) | |
download | android_packages_services_Telephony-8b1086eb4b8c79a7bb92306d76c4e1a4ae512af9.tar.gz android_packages_services_Telephony-8b1086eb4b8c79a7bb92306d76c4e1a4ae512af9.tar.bz2 android_packages_services_Telephony-8b1086eb4b8c79a7bb92306d76c4e1a4ae512af9.zip |
Restrict SipProfiles to profiles directory
am: 5282303362
Change-Id: I340194219492dd5eae7da80e4ec002c37fd413ab
Diffstat (limited to 'sip')
3 files changed, 33 insertions, 5 deletions
diff --git a/sip/src/com/android/services/telephony/sip/SipEditor.java b/sip/src/com/android/services/telephony/sip/SipEditor.java index f6e9c2299..07e5b62e1 100644 --- a/sip/src/com/android/services/telephony/sip/SipEditor.java +++ b/sip/src/com/android/services/telephony/sip/SipEditor.java @@ -259,7 +259,7 @@ public class SipEditor extends PreferenceActivity * * @param p The {@link SipProfile} to delete. */ - private void deleteAndUnregisterProfile(SipProfile p) { + private void deleteAndUnregisterProfile(SipProfile p) throws IOException { if (p == null) return; mProfileDb.deleteProfile(p); mSipAccountRegistry.stopSipService(this, p.getProfileName()); diff --git a/sip/src/com/android/services/telephony/sip/SipProfileDb.java b/sip/src/com/android/services/telephony/sip/SipProfileDb.java index e7b201b25..bb1c7ecd3 100644 --- a/sip/src/com/android/services/telephony/sip/SipProfileDb.java +++ b/sip/src/com/android/services/telephony/sip/SipProfileDb.java @@ -21,6 +21,7 @@ import com.android.internal.os.AtomicFile; import android.content.Context; import android.net.sip.SipProfile; import android.text.TextUtils; +import android.util.EventLog; import android.util.Log; import java.io.File; @@ -66,9 +67,13 @@ class SipProfileDb { mSipPreferences = new SipPreferences(mContext); } - public void deleteProfile(SipProfile p) { + public void deleteProfile(SipProfile p) throws IOException { synchronized(SipProfileDb.class) { - deleteProfile(new File(mProfilesDirectory + p.getProfileName())); + File profileFile = new File(mProfilesDirectory, p.getProfileName()); + if (!isChild(new File(mProfilesDirectory), profileFile)) { + throw new IOException("Invalid Profile Credentials!"); + } + deleteProfile(profileFile); if (mProfilesCount < 0) retrieveSipProfileListInternal(); } } @@ -93,7 +98,10 @@ class SipProfileDb { public void saveProfile(SipProfile p) throws IOException { synchronized(SipProfileDb.class) { if (mProfilesCount < 0) retrieveSipProfileListInternal(); - File f = new File(mProfilesDirectory + p.getProfileName()); + File f = new File(mProfilesDirectory, p.getProfileName()); + if (!isChild(new File(mProfilesDirectory), f)) { + throw new IOException("Invalid Profile Credentials!"); + } if (!f.exists()) f.mkdirs(); AtomicFile atomicFile = new AtomicFile(new File(f, PROFILE_OBJ_FILE)); FileOutputStream fos = null; @@ -173,4 +181,19 @@ class SipProfileDb { private static void log(String msg) { Log.d(SipUtil.LOG_TAG, PREFIX + msg); } + + /** + * Verifies that the file is a direct child of the base directory. + */ + private boolean isChild(File base, File file) { + if (base == null || file == null) { + return false; + } + if (!base.equals(file.getAbsoluteFile().getParentFile())) { + Log.w(SipUtil.LOG_TAG, "isChild, file is not a child of the base dir."); + EventLog.writeEvent(0x534e4554, "31530456", -1, ""); + return false; + } + return true; + } } diff --git a/sip/src/com/android/services/telephony/sip/SipUtil.java b/sip/src/com/android/services/telephony/sip/SipUtil.java index 3678c462f..cf03dd373 100644 --- a/sip/src/com/android/services/telephony/sip/SipUtil.java +++ b/sip/src/com/android/services/telephony/sip/SipUtil.java @@ -164,7 +164,12 @@ public class SipUtil { } Log.i(LOG_TAG, "(Migration) Deleting SIP profile: " + profileToMove.getProfileName()); - dbDeStorage.deleteProfile(profileToMove); + try { + dbDeStorage.deleteProfile(profileToMove); + } catch (IOException e) { + Log.w(LOG_TAG, "Error Deleting file: " + + profileToMove.getProfileName(), e); + } } } // Delete supporting structures if they exist |