AOSP/Gallery2 - Disable copying of arbitrary private file of Gallery2 into External Storage.
+ ContentResolver.SCHEME_FILE is a constant defined as "file". A malicious
app can use a mixed-case "File:" URL, which the case-sensitive comparison does not match, to copy private files of Gallery2.
Fix is to lowercase the scheme before doing the comparison.
Fix: 201535427
Bug: 201535427
Test: manual
Change-Id: I40672a0745ac65549c539da73ebb5b1710fd2821
(cherry picked from commit 0acea168f86f938bc99d872a79558b46e4b61c39)
diff --git a/src/com/android/gallery3d/data/UriImage.java b/src/com/android/gallery3d/data/UriImage.java
index 47ba535..5b069bd 100644
--- a/src/com/android/gallery3d/data/UriImage.java
+++ b/src/com/android/gallery3d/data/UriImage.java
@@ -38,6 +38,7 @@
import java.io.InputStream;
import java.net.URI;
import java.net.URL;
+import java.util.Locale;
public class UriImage extends MediaItem {
private static final String TAG = "UriImage";
@@ -94,7 +95,7 @@
}
private int openOrDownloadInner(JobContext jc) {
- String scheme = mUri.getScheme();
+ String scheme = mUri.getScheme().toLowerCase(Locale.ENGLISH);
if (ContentResolver.SCHEME_CONTENT.equals(scheme)
|| ContentResolver.SCHEME_ANDROID_RESOURCE.equals(scheme)
|| ContentResolver.SCHEME_FILE.equals(scheme)) {
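Review bot: The added line in openOrDownloadInner dereferences `mUri.getScheme()` directly, so a URI with no scheme would now throw a NullPointerException. The old code tolerated null, because the constant-first `equals` calls just returned false and control fell through to the other branch. mUri's type is not visible in this hunk, but if it is an android.net.Uri, getScheme() returns null for relative URIs, so a caller-supplied URI could crash the job instead of being rejected. I would keep the null case explicit: `String rawScheme = mUri.getScheme();` followed by `String scheme = rawScheme == null ? null : rawScheme.toLowerCase(Locale.ROOT);`, where `Locale.ROOT` is the conventional choice for locale-independent casing of protocol tokens. The method body continues outside the hunk, so what each branch does with the normalized scheme should be checked there.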