From c887908f28c291a6b6fe3902213822abcdb15d49 Mon Sep 17 00:00:00 2001
From: Jeff Sharkey <jsharkey@android.com>
Date: Sat, 21 Dec 2019 17:44:11 -0700
Subject: Block access to most Android/* directories.

In a scoped storage world, access to "Android/data" style directories
is blocked for privacy reasons.

Bug: 141521616
Test: manual
Change-Id: I0f435204ce2fcb4514e774239ecb1a1ca26d9dff
---
 .../android/internal/content/FileSystemProvider.java  | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/core/java/com/android/internal/content/FileSystemProvider.java b/core/java/com/android/internal/content/FileSystemProvider.java
index dec9ae701fb2..221cd6d8a5c3 100644
--- a/core/java/com/android/internal/content/FileSystemProvider.java
+++ b/core/java/com/android/internal/content/FileSystemProvider.java
@@ -66,6 +66,7 @@ import java.util.LinkedList;
 import java.util.List;
 import java.util.Set;
 import java.util.concurrent.CopyOnWriteArrayList;
+import java.util.regex.Pattern;
 
 /**
  * A helper class for {@link android.provider.DocumentsProvider} to perform file operations on local
@@ -388,7 +389,9 @@ public abstract class FileSystemProvider extends DocumentsProvider {
                 resolveProjection(projection), parentDocumentId, parent);
         if (parent.isDirectory()) {
             for (File file : FileUtils.listFilesOrEmpty(parent)) {
-                includeFile(result, null, file);
+                if (!shouldHide(file)) {
+                    includeFile(result, null, file);
+                }
             }
         } else {
             Log.w(TAG, "parentDocumentId '" + parentDocumentId + "' is not Directory");
@@ -422,6 +425,8 @@ public abstract class FileSystemProvider extends DocumentsProvider {
         pending.add(folder);
         while (!pending.isEmpty() && result.getCount() < 24) {
             final File file = pending.removeFirst();
+            if (shouldHide(file)) continue;
+
             if (file.isDirectory()) {
                 for (File child : file.listFiles()) {
                     pending.add(child);
@@ -540,6 +545,7 @@ public abstract class FileSystemProvider extends DocumentsProvider {
         } else {
             file = getFileForDocId(docId);
         }
+
         final String mimeType = getDocumentType(docId, file);
         row.add(Document.COLUMN_DOCUMENT_ID, docId);
         row.add(Document.COLUMN_MIME_TYPE, mimeType);
@@ -598,6 +604,17 @@ public abstract class FileSystemProvider extends DocumentsProvider {
         return row;
     }
 
+    private static final Pattern PATTERN_HIDDEN_PATH = Pattern.compile(
+            "(?i)^/storage/[^/]+/(?:[0-9]+/)?Android/(?:data|obb|sandbox)$");
+
+    /**
+     * In a scoped storage world, access to "Android/data" style directories are
+     * hidden for privacy reasons.
+     */
+    protected boolean shouldHide(@NonNull File file) {
+        return (PATTERN_HIDDEN_PATH.matcher(file.getAbsolutePath()).matches());
+    }
+
     protected boolean shouldBlockFromTree(@NonNull String docId) {
         return false;
     }
-- 
cgit v1.2.3-59-g8ed1b