Block access to most Android/* directories.

In a scoped storage world, access to "Android/data" style directories is blocked for privacy reasons. Bug: 141521616 Test: manual Change-Id: I0f435204ce2fcb4514e774239ecb1a1ca26d9dff
author: Jeff Sharkey <jsharkey@android.com> 2019-12-21 17:44:11 -0700
committer: Jeff Sharkey <jsharkey@android.com> 2019-12-22 14:16:20 -0700
commit: c887908f28c291a6b6fe3902213822abcdb15d49 (patch)
tree: 1b6a54093281521902bc41b88ae5054a1dc4179a
parent: 1e89d231a9f3e4b9a81ec3ff9aad5a5218eaeb2a (diff)
1 files changed, 18 insertions, 1 deletions
diff --git a/core/java/com/android/internal/content/FileSystemProvider.java b/core/java/com/android/internal/content/FileSystemProvider.java
index dec9ae701fb2..221cd6d8a5c3 100644
--- a/core/java/com/android/internal/content/FileSystemProvider.java
+++ b/core/java/com/android/internal/content/FileSystemProvider.java
@@ -66,6 +66,7 @@ import java.util.LinkedList;
 import java.util.List;
 import java.util.Set;
 import java.util.concurrent.CopyOnWriteArrayList;
+import java.util.regex.Pattern;
 
 /**
  * A helper class for {@link android.provider.DocumentsProvider} to perform file operations on local
@@ -388,7 +389,9 @@ public abstract class FileSystemProvider extends DocumentsProvider {
                 resolveProjection(projection), parentDocumentId, parent);
         if (parent.isDirectory()) {
             for (File file : FileUtils.listFilesOrEmpty(parent)) {
-                includeFile(result, null, file);
+                if (!shouldHide(file)) {
+                    includeFile(result, null, file);
+                }
             }
         } else {
             Log.w(TAG, "parentDocumentId '" + parentDocumentId + "' is not Directory");
@@ -422,6 +425,8 @@ public abstract class FileSystemProvider extends DocumentsProvider {
         pending.add(folder);
         while (!pending.isEmpty() && result.getCount() < 24) {
             final File file = pending.removeFirst();
+            if (shouldHide(file)) continue;
+
             if (file.isDirectory()) {
                 for (File child : file.listFiles()) {
                     pending.add(child);
@@ -540,6 +545,7 @@ public abstract class FileSystemProvider extends DocumentsProvider {
         } else {
             file = getFileForDocId(docId);
         }
+
         final String mimeType = getDocumentType(docId, file);
         row.add(Document.COLUMN_DOCUMENT_ID, docId);
         row.add(Document.COLUMN_MIME_TYPE, mimeType);
@@ -598,6 +604,17 @@ public abstract class FileSystemProvider extends DocumentsProvider {
         return row;
     }
 
+    private static final Pattern PATTERN_HIDDEN_PATH = Pattern.compile(
+            "(?i)^/storage/[^/]+/(?:[0-9]+/)?Android/(?:data|obb|sandbox)$");
+
+    /**
+     * In a scoped storage world, access to "Android/data" style directories are
+     * hidden for privacy reasons.
+     */
+    protected boolean shouldHide(@NonNull File file) {
+        return (PATTERN_HIDDEN_PATH.matcher(file.getAbsolutePath()).matches());
+    }
+
     protected boolean shouldBlockFromTree(@NonNull String docId) {
         return false;
     }
author	Jeff Sharkey <jsharkey@android.com>	2019-12-21 17:44:11 -0700
committer	Jeff Sharkey <jsharkey@android.com>	2019-12-22 14:16:20 -0700
commit	c887908f28c291a6b6fe3902213822abcdb15d49 (patch)
tree	1b6a54093281521902bc41b88ae5054a1dc4179a
parent	1e89d231a9f3e4b9a81ec3ff9aad5a5218eaeb2a (diff)