mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2025-01-21 21:01:13 -05:00
107 lines
4.6 KiB
Diff
107 lines
4.6 KiB
Diff
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||
|
From: Mark Renouf <mrenouf@google.com>
|
||
|
Date: Wed, 22 Feb 2023 15:14:08 +0000
|
||
|
Subject: [PATCH] Prevent sharesheet from previewing unowned URIs
|
||
|
|
||
|
Bug: 261036568
|
||
|
Test: manually via supplied tool (see bug)
|
||
|
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:3062b80fb28014a7482d5fa8b2a5c852134a5845)
|
||
|
Merged-In: I21accf6f753d2f676f1602d6e1ce829c5ef29e9a
|
||
|
Change-Id: I21accf6f753d2f676f1602d6e1ce829c5ef29e9a
|
||
|
---
|
||
|
.../android/internal/app/ChooserActivity.java | 36 +++++++++++++++++--
|
||
|
1 file changed, 34 insertions(+), 2 deletions(-)
|
||
|
|
||
|
diff --git a/core/java/com/android/internal/app/ChooserActivity.java b/core/java/com/android/internal/app/ChooserActivity.java
|
||
|
index f43ff17ed7d0..2e17dce90240 100644
|
||
|
--- a/core/java/com/android/internal/app/ChooserActivity.java
|
||
|
+++ b/core/java/com/android/internal/app/ChooserActivity.java
|
||
|
@@ -16,6 +16,8 @@
|
||
|
|
||
|
package com.android.internal.app;
|
||
|
|
||
|
+import static android.content.ContentProvider.getUserIdFromUri;
|
||
|
+
|
||
|
import static java.lang.annotation.RetentionPolicy.SOURCE;
|
||
|
|
||
|
import android.animation.Animator;
|
||
|
@@ -140,6 +142,7 @@ import java.util.HashSet;
|
||
|
import java.util.List;
|
||
|
import java.util.Map;
|
||
|
import java.util.Set;
|
||
|
+import java.util.stream.Collectors;
|
||
|
|
||
|
/**
|
||
|
* The Chooser Activity handles intent resolution specifically for sharing intents -
|
||
|
@@ -1082,7 +1085,7 @@ public class ChooserActivity extends ResolverActivity {
|
||
|
|
||
|
ImageView previewThumbnailView = contentPreviewLayout.findViewById(
|
||
|
R.id.content_preview_thumbnail);
|
||
|
- if (previewThumbnail == null) {
|
||
|
+ if (!validForContentPreview(previewThumbnail)) {
|
||
|
previewThumbnailView.setVisibility(View.GONE);
|
||
|
} else {
|
||
|
mPreviewCoord = new ContentPreviewCoordinator(contentPreviewLayout, false);
|
||
|
@@ -1109,6 +1112,10 @@ public class ChooserActivity extends ResolverActivity {
|
||
|
String action = targetIntent.getAction();
|
||
|
if (Intent.ACTION_SEND.equals(action)) {
|
||
|
Uri uri = targetIntent.getParcelableExtra(Intent.EXTRA_STREAM);
|
||
|
+ if (!validForContentPreview(uri)) {
|
||
|
+ contentPreviewLayout.setVisibility(View.GONE);
|
||
|
+ return contentPreviewLayout;
|
||
|
+ }
|
||
|
mPreviewCoord.loadUriIntoView(R.id.content_preview_image_1_large, uri, 0);
|
||
|
} else {
|
||
|
ContentResolver resolver = getContentResolver();
|
||
|
@@ -1116,7 +1123,7 @@ public class ChooserActivity extends ResolverActivity {
|
||
|
List<Uri> uris = targetIntent.getParcelableArrayListExtra(Intent.EXTRA_STREAM);
|
||
|
List<Uri> imageUris = new ArrayList<>();
|
||
|
for (Uri uri : uris) {
|
||
|
- if (isImageType(resolver.getType(uri))) {
|
||
|
+ if (validForContentPreview(uri) && isImageType(resolver.getType(uri))) {
|
||
|
imageUris.add(uri);
|
||
|
}
|
||
|
}
|
||
|
@@ -1222,9 +1229,16 @@ public class ChooserActivity extends ResolverActivity {
|
||
|
String action = targetIntent.getAction();
|
||
|
if (Intent.ACTION_SEND.equals(action)) {
|
||
|
Uri uri = targetIntent.getParcelableExtra(Intent.EXTRA_STREAM);
|
||
|
+ if (!validForContentPreview(uri)) {
|
||
|
+ contentPreviewLayout.setVisibility(View.GONE);
|
||
|
+ return contentPreviewLayout;
|
||
|
+ }
|
||
|
loadFileUriIntoView(uri, contentPreviewLayout);
|
||
|
} else {
|
||
|
List<Uri> uris = targetIntent.getParcelableArrayListExtra(Intent.EXTRA_STREAM);
|
||
|
+ uris = uris.stream()
|
||
|
+ .filter(ChooserActivity::validForContentPreview)
|
||
|
+ .collect(Collectors.toList());
|
||
|
int uriCount = uris.size();
|
||
|
|
||
|
if (uriCount == 0) {
|
||
|
@@ -1278,6 +1292,24 @@ public class ChooserActivity extends ResolverActivity {
|
||
|
}
|
||
|
}
|
||
|
|
||
|
+ /**
|
||
|
+ * Indicate if the incoming content URI should be allowed.
|
||
|
+ *
|
||
|
+ * @param uri the uri to test
|
||
|
+ * @return true if the URI is allowed for content preview
|
||
|
+ */
|
||
|
+ private static boolean validForContentPreview(Uri uri) throws SecurityException {
|
||
|
+ if (uri == null) {
|
||
|
+ return false;
|
||
|
+ }
|
||
|
+ int userId = getUserIdFromUri(uri, UserHandle.USER_CURRENT);
|
||
|
+ if (userId != UserHandle.USER_CURRENT && userId != UserHandle.myUserId()) {
|
||
|
+ Log.e(TAG, "dropped invalid content URI belonging to user " + userId);
|
||
|
+ return false;
|
||
|
+ }
|
||
|
+ return true;
|
||
|
+ }
|
||
|
+
|
||
|
@VisibleForTesting
|
||
|
protected boolean isImageType(String mimeType) {
|
||
|
return mimeType != null && mimeType.startsWith("image/");
|