From b2c63abcdc276645fd712c016ab493bc4764aea2 Mon Sep 17 00:00:00 2001
From: Ben Murdoch
Date: Fri, 16 Dec 2011 18:08:30 +0000
Subject: Do not allow file:// access when it is disabled. Do not merge. Cherry pick of If2793f31cb37e0d3af15cb18e818bfa4058167fd If WebSettings is configured to disallow access to file:// URLs, then block them.
Bug: 5773763
Change-Id: I0ab84cde90c955d31077329fddebc25978287c64
---
 core/java/android/webkit/BrowserFrame.java | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/core/java/android/webkit/BrowserFrame.java b/core/java/android/webkit/BrowserFrame.java
index c1945599d337..b94eb763b8b8 100644
--- a/core/java/android/webkit/BrowserFrame.java
+++ b/core/java/android/webkit/BrowserFrame.java
@@ -941,6 +941,13 @@ class BrowserFrame extends Handler {
 if (androidResource != null) {
 return new WebResourceResponse(null, null, androidResource);
 }
+
+ // Note that we check this after looking for an android_asset or
+ // android_res URL, as we allow those even if file access is disabled.
+ if (!mSettings.getAllowFileAccess() && url.startsWith("file://")) {
+ return new WebResourceResponse(null, null, null);
+ }
+
 WebResourceResponse response = mCallbackProxy.shouldInterceptRequest(url);
 if (response == null && "browser:incognito".equals(url)) {
 try {
-- 
cgit v1.2.3-59-g8ed1b
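Review bot: The added guard matches the scheme with a case-sensitive `url.startsWith("file://")`, so it is only as strong as whatever canonicalisation `url` has received before this method runs, and the hunk does not show that. Either match the scheme case-insensitively, `if (!mSettings.getAllowFileAccess() && url.regionMatches(true, 0, "file://", 0, 7)) {`, or extend the comment to state that the caller always passes a lower-cased canonical URL. The denied request is also answered with `new WebResourceResponse(null, null, null)` and no log line, so a blocked file load looks the same as an empty resource when debugging or auditing; a short comment on why an empty response is returned, and a log entry for the denial, would help. The enclosing method begins and ends outside the hunk.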