From f92b87e0fa6d86e076aa7138f6c0c0be16e5b901 Mon Sep 17 00:00:00 2001
From: Kiran Ramachandra <kiranmr@google.com>
Date: Wed, 5 Jun 2024 21:03:33 +0000
Subject: [PATCH] DO NOT MERGE Ignore - Sanitized uri scheme by removing scheme
 delimiter

Initially considered removing unsupported characters as per IANA guidelines, but this could break applications that use custom schemes with asterisks. Instead, opted to remove only the "://" to minimize disruption

Bug: 261721900
Test: atest FrameworksCoreTests:android.net.UriTest

No-Typo-Check: The unit test is specifically written to test few cases, string "http://https://" is not a typo
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1fd0421801c391dd619cafeeea8d379a9029074a)
Merged-In: I88b1550a5d8b3dc0f6286e28899884025d059645
Change-Id: I88b1550a5d8b3dc0f6286e28899884025d059645
---
 core/java/android/net/Uri.java                    |  6 +++++-
 core/tests/coretests/src/android/net/UriTest.java | 11 +++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/core/java/android/net/Uri.java b/core/java/android/net/Uri.java
index af1c0e8e91788..d0fcc4240fd98 100644
--- a/core/java/android/net/Uri.java
+++ b/core/java/android/net/Uri.java
@@ -1365,7 +1365,11 @@ public Builder() {}
          * @param scheme name or {@code null} if this is a relative Uri
          */
         public Builder scheme(String scheme) {
-            this.scheme = scheme;
+            if (scheme != null) {
+                this.scheme = scheme.replace("://", "");
+            } else {
+                this.scheme = null;
+            }
             return this;
         }
 
diff --git a/core/tests/coretests/src/android/net/UriTest.java b/core/tests/coretests/src/android/net/UriTest.java
index ea0347d67ad74..6c9fdd5a83a78 100644
--- a/core/tests/coretests/src/android/net/UriTest.java
+++ b/core/tests/coretests/src/android/net/UriTest.java
@@ -18,6 +18,7 @@
 
 import android.content.ContentUris;
 import android.os.Parcel;
+import android.platform.test.annotations.AsbSecurityTest;
 import android.test.suitebuilder.annotation.SmallTest;
 
 import junit.framework.TestCase;
@@ -83,6 +84,16 @@ public void testBuildUponOpaqueStringUri() {
         assertNull(u.getHost());
     }
 
+    @AsbSecurityTest(cveBugId = 261721900)
+    @SmallTest
+    public void testSchemeSanitization() {
+        Uri uri = new Uri.Builder()
+                .scheme("http://https://evil.com:/te:st/")
+                .authority("google.com").path("one/way").build();
+        assertEquals("httphttpsevil.com:/te:st/", uri.getScheme());
+        assertEquals("httphttpsevil.com:/te:st/://google.com/one/way", uri.toString());
+    }
+
     @SmallTest
     public void testStringUri() {
         assertEquals("bob lee",