Translate paths before leaving app sandbox.

When sending the ACTION_MEDIA_SCANNER_SCAN_FILE broadcast, an app provides a raw filesystem path, which might be inside of their sandbox. Once the broadcast is delivered, we don't know where it came from, so we need to translate the path before leaving the app process. Bug: 117909601 Test: atest cts/tests/tests/provider/src/android/provider/cts/MediaStore* Change-Id: Ibddd72a2d85e1f6541e0d6209e539fe6b5c4bde0
author: Jeff Sharkey <jsharkey@android.com> 2019-03-22 17:18:38 -0600
committer: Jeff Sharkey <jsharkey@android.com> 2019-03-22 17:18:40 -0600
commit: 9c9ee953e65e0246533884a2c76fdeb05dcfa0b0 (patch)
tree: 89e481b215d73ef7eb15cf5def955d6724b6ef74
parent: b8d4c59b089cb302759a77584c2a5ee1583e6852 (diff)
1 files changed, 23 insertions, 3 deletions
diff --git a/core/java/android/content/Intent.java b/core/java/android/content/Intent.java
index a5f627ddf1b4..032e5acf12ed 100644
--- a/core/java/android/content/Intent.java
+++ b/core/java/android/content/Intent.java
@@ -29,6 +29,7 @@ import android.annotation.SdkConstant.SdkConstantType;
 import android.annotation.SystemApi;
 import android.annotation.TestApi;
 import android.annotation.UnsupportedAppUsage;
+import android.app.AppGlobals;
 import android.content.pm.ActivityInfo;
 import android.content.pm.ApplicationInfo;
 import android.content.pm.ComponentInfo;
@@ -43,6 +44,7 @@ import android.net.Uri;
 import android.os.Build;
 import android.os.Bundle;
 import android.os.IBinder;
+import android.os.IncidentManager;
 import android.os.Parcel;
 import android.os.Parcelable;
 import android.os.PersistableBundle;
@@ -51,6 +53,7 @@ import android.os.ResultReceiver;
 import android.os.ShellCommand;
 import android.os.StrictMode;
 import android.os.UserHandle;
+import android.os.storage.StorageManager;
 import android.provider.ContactsContract.QuickContact;
 import android.provider.DocumentsContract;
 import android.provider.DocumentsProvider;
@@ -68,6 +71,7 @@ import org.xmlpull.v1.XmlPullParser;
 import org.xmlpull.v1.XmlPullParserException;
 import org.xmlpull.v1.XmlSerializer;
 
+import java.io.File;
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.io.Serializable;
@@ -632,6 +636,8 @@ import java.util.Set;
  * of all possible flags.
  */
 public class Intent implements Parcelable, Cloneable {
+    private static final String TAG = "Intent";
+
     private static final String ATTR_ACTION = "action";
     private static final String TAG_CATEGORIES = "categories";
     private static final String ATTR_CATEGORY = "category";
@@ -9807,7 +9813,7 @@ public class Intent implements Parcelable, Cloneable {
                 // may fail.  We really should handle this (i.e., the Bundle
                 // impl shouldn't be on top of a plain map), but for now just
                 // ignore it and keep the original contents. :(
-                Log.w("Intent", "Failure filling in extras", e);
+                Log.w(TAG, "Failure filling in extras", e);
             }
         }
         if (mayHaveCopiedUris && mContentUserHint == UserHandle.USER_CURRENT
@@ -10523,7 +10529,7 @@ public class Intent implements Parcelable, Cloneable {
             } else if (ATTR_FLAGS.equals(attrName)) {
                 intent.setFlags(Integer.parseInt(attrValue, 16));
             } else {
-                Log.e("Intent", "restoreFromXml: unknown attribute=" + attrName);
+                Log.e(TAG, "restoreFromXml: unknown attribute=" + attrName);
             }
         }
 
@@ -10539,7 +10545,7 @@ public class Intent implements Parcelable, Cloneable {
                         intent.addCategory(in.getAttributeValue(attrNdx));
                     }
                 } else {
-                    Log.w("Intent", "restoreFromXml: unknown name=" + name);
+                    Log.w(TAG, "restoreFromXml: unknown name=" + name);
                     XmlUtils.skipCurrentTag(in);
                 }
             }
@@ -10653,6 +10659,20 @@ public class Intent implements Parcelable, Cloneable {
                     mData.checkContentUriWithoutPermission("Intent.getData()", getFlags());
             }
         }
+
+        // Translate raw filesystem paths out of storage sandbox
+        if (ACTION_MEDIA_SCANNER_SCAN_FILE.equals(mAction) && mData != null
+                && ContentResolver.SCHEME_FILE.equals(mData.getScheme()) && leavingPackage) {
+            final StorageManager sm = AppGlobals.getInitialApplication()
+                    .getSystemService(StorageManager.class);
+            final File before = new File(mData.getPath());
+            final File after = sm.translateAppToSystem(before,
+                    android.os.Process.myPid(), android.os.Process.myUid());
+            if (!Objects.equals(before, after)) {
+                Log.v(TAG, "Translated " + before + " to " + after);
+                mData = Uri.fromFile(after);
+            }
+        }
     }
 
     /**
author	Jeff Sharkey <jsharkey@android.com>	2019-03-22 17:18:38 -0600
committer	Jeff Sharkey <jsharkey@android.com>	2019-03-22 17:18:40 -0600
commit	9c9ee953e65e0246533884a2c76fdeb05dcfa0b0 (patch)
tree	89e481b215d73ef7eb15cf5def955d6724b6ef74
parent	b8d4c59b089cb302759a77584c2a5ee1583e6852 (diff)