Gitiles
Code Review Sign In
LeafOS / LeafOS-Project / android_packages_apps_Messaging / 7bf7a451f72aaabb0d1844b0c533076f03422fc5^1..7bf7a451f72aaabb0d1844b0c533076f03422fc5 / .
commit7bf7a451f72aaabb0d1844b0c533076f03422fc5[log] [tgz]
authorPresubmit Automerger Backend <android-build-presubmit-automerger-backend@system.gserviceaccount.com>Wed May 10 01:07:51 2023 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>Wed May 10 01:07:51 2023 +0000
treea155e64ce3dcc3ccfaf404c9743ebba74db544ae
parent6ac4faba3941b2b628e4506e625e0f82b1731fef [diff]
parent78c26722e226615c8a26e13749737de9c5f6926e [diff]
[automerge] Fix exposing private messages files through attachments with a content URI. 2p: 0d5452146c 2p: 471c3e9320 am: 749732f47b am: 78c26722e2

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Messaging/+/23089831

Change-Id: I1c37352d2c828b7c5da07e146417bd59e4dfdd16
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

diff --git a/src/com/android/messaging/util/FileUtil.java b/src/com/android/messaging/util/FileUtil.java
index 71fbb4b..e7d86f2 100644
--- a/src/com/android/messaging/util/FileUtil.java
+++ b/src/com/android/messaging/util/FileUtil.java

@@ -20,6 +20,7 @@
 import android.content.Context;
 import android.net.Uri;
 import android.os.Environment;
+import android.os.ParcelFileDescriptor;
 import android.text.TextUtils;
 
 import com.android.messaging.Factory;
@@ -28,6 +29,8 @@
 
 import java.io.File;
 import java.io.IOException;
+import java.nio.file.Path;
+import java.nio.file.Paths;
 import java.text.SimpleDateFormat;
 import java.util.Date;
 import java.util.Locale;
@@ -121,6 +124,10 @@
     // We're told it's possible to create world readable hardlinks to other apps private data
     // so we ban all /data file uris.
     public static boolean isInPrivateDir(Uri uri) {
+        return isFileUriInPrivateDir(uri) || isContentUriInPrivateDir(uri);
+    }
+
+    private static boolean isFileUriInPrivateDir(Uri uri) {
         if (!UriUtil.isFileUri(uri)) {
             return false;
         }
@@ -128,6 +135,24 @@
         return FileUtil.isSameOrSubDirectory(Environment.getDataDirectory(), file);
     }
 
+    private static boolean isContentUriInPrivateDir(Uri uri) {
+        if (!uri.getScheme().equals(ContentResolver.SCHEME_CONTENT)) {
+            return false;
+        }
+        try {
+            Context context = Factory.get().getApplicationContext();
+            ParcelFileDescriptor pfd = context.getContentResolver().openFileDescriptor(uri, "r");
+            int fd = pfd.getFd();
+            // Use the file descriptor to find out the read file path through symbolic link.
+            Path fdPath = Paths.get("/proc/self/fd/" + fd);
+            Path filePath = java.nio.file.Files.readSymbolicLink(fdPath);
+            pfd.close();
+            return FileUtil.isSameOrSubDirectory(Environment.getDataDirectory(), filePath.toFile());
+        } catch (Exception e) {
+            return false;
+        }
+    }
+
     /**
      * Checks, whether the child directory is the same as, or a sub-directory of the base
      * directory.