Do not allow file:// access when it is disabled. Do not merge.

Cherry pick of If2793f31cb37e0d3af15cb18e818bfa4058167fd If WebSettings is configured to disallow access to file:// URLs, then block them. Bug: 5773763 Change-Id: I0ab84cde90c955d31077329fddebc25978287c64
author: Ben Murdoch <benm@google.com> 2011-12-16 18:08:30 +0000
committer: Ben Murdoch <benm@google.com> 2012-01-04 15:08:07 +0000
commit: b2c63abcdc276645fd712c016ab493bc4764aea2 (patch)
tree: 4f858c1ce0dec5d1b097f4c5d0ec5f2aefbe885b
parent: 30ad699c0e246ef3889f691361758235ecb89895 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/core/java/android/webkit/BrowserFrame.java b/core/java/android/webkit/BrowserFrame.java
index c1945599d337..b94eb763b8b8 100644
--- a/core/java/android/webkit/BrowserFrame.java
+++ b/core/java/android/webkit/BrowserFrame.java
@@ -941,6 +941,13 @@ class BrowserFrame extends Handler {
         if (androidResource != null) {
             return new WebResourceResponse(null, null, androidResource);
         }
+
+        // Note that we check this after looking for an android_asset or
+        // android_res URL, as we allow those even if file access is disabled.
+        if (!mSettings.getAllowFileAccess() && url.startsWith("file://")) {
+            return new WebResourceResponse(null, null, null);
+        }
+
         WebResourceResponse response = mCallbackProxy.shouldInterceptRequest(url);
         if (response == null && "browser:incognito".equals(url)) {
             try {
author	Ben Murdoch <benm@google.com>	2011-12-16 18:08:30 +0000
committer	Ben Murdoch <benm@google.com>	2012-01-04 15:08:07 +0000
commit	b2c63abcdc276645fd712c016ab493bc4764aea2 (patch)
tree	4f858c1ce0dec5d1b097f4c5d0ec5f2aefbe885b
parent	30ad699c0e246ef3889f691361758235ecb89895 (diff)