Merge "[SettingsProvider] verify ringtone URI before setting" into rvc-dev am: 941891258d am: 037f529f7d am: 456da723a4 am: ff4b06296f am: 9fd44ec14f am: 8c85c68c47 am: 8d77298ccd am: 2b59bed3dd

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/24424817 Change-Id: I2b5b73b07fa24e4c8431eb1e5ad83f3a2b3659e6 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
author: Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com> 2023-08-24 21:21:51 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2023-08-24 21:21:51 +0000
commit: fca0f83d83bab65c4f1d361e472aa8c51caeddb1 (patch)
tree: b5704660e86bdb51357785cbe58021ba0bc6718a
parent: 697b85fa72ad04a412f5119d7ef0bb8e8c6a7fef (diff)
parent: 2b59bed3dd531ff16fac0a42441256881b2f4c77 (diff)
1 files changed, 31 insertions, 0 deletions
diff --git a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
index 23b63089849f..cc5d6f7d0ae5 100644
--- a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
+++ b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
@@ -1948,6 +1948,9 @@ public class SettingsProvider extends ContentProvider {
             cacheName = Settings.System.ALARM_ALERT_CACHE;
         }
         if (cacheName != null) {
+            if (!isValidAudioUri(name, value)) {
+                return false;
+            }
             final File cacheFile = new File(
                     getRingtoneCacheDir(owningUserId), cacheName);
             cacheFile.delete();
@@ -1980,6 +1983,34 @@ public class SettingsProvider extends ContentProvider {
         }
     }
 
+    private boolean isValidAudioUri(String name, String uri) {
+        if (uri != null) {
+            Uri audioUri = Uri.parse(uri);
+            if (Settings.AUTHORITY.equals(
+                    ContentProvider.getAuthorityWithoutUserId(audioUri.getAuthority()))) {
+                // Don't accept setting the default uri to self-referential URIs like
+                // Settings.System.DEFAULT_RINGTONE_URI, which is an alias to the value of this
+                // setting.
+                return false;
+            }
+            final String mimeType = getContext().getContentResolver().getType(audioUri);
+            if (mimeType == null) {
+                Slog.e(LOG_TAG,
+                        "mutateSystemSetting for setting: " + name + " URI: " + audioUri
+                        + " ignored: failure to find mimeType (no access from this context?)");
+                return false;
+            }
+            if (!(mimeType.startsWith("audio/") || mimeType.equals("application/ogg")
+                    || mimeType.equals("application/x-flac"))) {
+                Slog.e(LOG_TAG,
+                        "mutateSystemSetting for setting: " + name + " URI: " + audioUri
+                        + " ignored: associated mimeType: " + mimeType + " is not an audio type");
+                return false;
+            }
+        }
+        return true;
+    }
+
     private boolean hasWriteSecureSettingsPermission() {
         // Write secure settings is a more protected permission. If caller has it we are good.
         return getContext().checkCallingOrSelfPermission(Manifest.permission.WRITE_SECURE_SETTINGS)
author	Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com>	2023-08-24 21:21:51 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-08-24 21:21:51 +0000
commit	fca0f83d83bab65c4f1d361e472aa8c51caeddb1 (patch)
tree	b5704660e86bdb51357785cbe58021ba0bc6718a
parent	697b85fa72ad04a412f5119d7ef0bb8e8c6a7fef (diff)
parent	2b59bed3dd531ff16fac0a42441256881b2f4c77 (diff)