summaryrefslogtreecommitdiff
path: root/java/src
diff options
context:
space:
mode:
author Mark Renouf <mrenouf@google.com> 2023-02-22 02:50:05 +0000
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2023-02-22 02:50:05 +0000
commit15649bdbbb46ffd6a9c9a68fc88a176fcb4be139 (patch)
tree5f27ae1d4a33adf03997a32198d84cc5efdd12bb /java/src
parent5ab7fc28ed19fa87f4efbc30108a0ad654c7fe99 (diff)
parente326e21d63b353e1858a448dbe088750d1c12db8 (diff)
Merge "Prevent sharesheet from previewing unowned URIs" into tm-qpr-dev am: e326e21d63
Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/modules/IntentResolver/+/21452145 Change-Id: If21acbdae65af9a86ffd0ef9370888295b151709 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Diffstat (limited to 'java/src')
-rw-r--r--java/src/com/android/intentresolver/ChooserContentPreviewUi.java27
1 files changed, 24 insertions, 3 deletions
diff --git a/java/src/com/android/intentresolver/ChooserContentPreviewUi.java b/java/src/com/android/intentresolver/ChooserContentPreviewUi.java
index 7d627e07..aa147853 100644
--- a/java/src/com/android/intentresolver/ChooserContentPreviewUi.java
+++ b/java/src/com/android/intentresolver/ChooserContentPreviewUi.java
@@ -16,6 +16,7 @@
package com.android.intentresolver;
+import static android.content.ContentProvider.getUserIdFromUri;
import static java.lang.annotation.RetentionPolicy.SOURCE;
import android.animation.ObjectAnimator;
@@ -28,6 +29,7 @@ import android.content.res.Resources;
import android.database.Cursor;
import android.graphics.Bitmap;
import android.net.Uri;
+import android.os.UserHandle;
import android.provider.DocumentsContract;
import android.provider.Downloads;
import android.provider.OpenableColumns;
@@ -341,7 +343,7 @@ public final class ChooserContentPreviewUi {
ImageView previewThumbnailView = contentPreviewLayout.findViewById(
com.android.internal.R.id.content_preview_thumbnail);
- if (previewThumbnail == null) {
+ if (!validForContentPreview(previewThumbnail)) {
previewThumbnailView.setVisibility(View.GONE);
} else {
previewImageLoader.loadImage(
@@ -538,14 +540,14 @@ public final class ChooserContentPreviewUi {
List<Uri> uris = new ArrayList<>();
if (Intent.ACTION_SEND.equals(targetIntent.getAction())) {
Uri uri = targetIntent.getParcelableExtra(Intent.EXTRA_STREAM);
- if (uri != null) {
+ if (validForContentPreview(uri)) {
uris.add(uri);
}
} else {
List<Uri> receivedUris = targetIntent.getParcelableArrayListExtra(Intent.EXTRA_STREAM);
if (receivedUris != null) {
for (Uri uri : receivedUris) {
- if (uri != null) {
+ if (validForContentPreview(uri)) {
uris.add(uri);
}
}
@@ -554,6 +556,25 @@ public final class ChooserContentPreviewUi {
return uris;
}
+ /**
+ * Indicate if the incoming content URI should be allowed.
+ *
+ * @param uri the uri to test
+ * @return true if the URI is allowed for content preview
+ */
+ private static boolean validForContentPreview(Uri uri) throws SecurityException {
+ if (uri == null) {
+ return false;
+ }
+ int userId = getUserIdFromUri(uri, UserHandle.USER_CURRENT);
+ if (userId != UserHandle.USER_CURRENT && userId != UserHandle.myUserId()) {
+ Log.e(TAG, "dropped invalid content URI belonging to user " + userId);
+ return false;
+ }
+ return true;
+ }
+
+
private static List<ActionRow.Action> createFilePreviewActions(ActionFactory actionFactory) {
List<ActionRow.Action> actions = new ArrayList<>(1);
//TODO(b/120417119):
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-12-17 08:38:00 +0000