| -rw-r--r-- | services/java/com/android/server/BackupManagerService.java | 8 | 
1 files changed, 8 insertions, 0 deletions
| diff --git a/services/java/com/android/server/BackupManagerService.java b/services/java/com/android/server/BackupManagerService.java
index a537e99dfa98..2c88c3254d2d 100644
--- a/services/java/com/android/server/BackupManagerService.java
+++ b/services/java/com/android/server/BackupManagerService.java
@@ -3390,6 +3390,14 @@ class BackupManagerService extends IBackupManager.Stub {
                                 break;
                         }
+                        // The path needs to be canonical
+                        if (info.path.contains("..") || info.path.contains("//")) {
+                            if (MORE_DEBUG) {
+                                Slog.w(TAG, "Dropping invalid path " + info.path);
+                            }
+                            okay = false;
+                        }
+
                         // If the policy is satisfied, go ahead and set up to pipe the
                         // data to the agent.
                         if (DEBUG && okay && mAgent != null) { |
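Review bot: The added guard on `info.path` is a substring test, not a canonicalization, so it does not quite enforce what its comment says: it would also drop a legitimate name such as `a..b`, and it does not look at `/./` segments or a leading `/`. If the output file is later built from `info.path` (that code is not visible in this hunk), a per-component check that rejects any segment equal to `..`, `.` or the empty string, or a comparison of the resolved `getCanonicalPath()` against the intended destination root, would be more robust. The rejection is also logged only under `MORE_DEBUG`, so on a production build a restore stream carrying such a path is dropped without leaving a trace; consider making `Slog.w(TAG, "Dropping invalid path " + info.path);` unconditional. The enclosing method starts and ends outside the hunk.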