Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Validate user-supplied URIs in DocumentsProvider calls" into rvc-qpr-dev

Browse Source
This commit is contained in:
Abhijeet Kaur
2020-10-06 10:17:23 +00:00
committed by Android (Google) Code Review
parent 0f8ee3c268 e4bb1d7b6c
commit 249b137d92
1 changed files with 18 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
core/java/android/provider/DocumentsProvider.java
View File

@@ -232,6 +232,10 @@ public abstract class DocumentsProvider extends ContentProvider {
}
}
private Uri validateIncomingNullableUri(@Nullable Uri uri) {
return uri == null ? null : validateIncomingUri(uri);
}
/**
* Create a new document and return its newly generated
* {@link Document#COLUMN_DOCUMENT_ID}. You must allocate a new
@@ -1076,11 +1080,18 @@ public abstract class DocumentsProvider extends ContentProvider {
final Context context = getContext();
final Bundle out = new Bundle();
final Uri extraUri = validateIncomingNullableUri(
extras.getParcelable(DocumentsContract.EXTRA_URI));
final Uri extraTargetUri = validateIncomingNullableUri(
extras.getParcelable(DocumentsContract.EXTRA_TARGET_URI));
final Uri extraParentUri = validateIncomingNullableUri(
extras.getParcelable(DocumentsContract.EXTRA_PARENT_URI));
if (METHOD_EJECT_ROOT.equals(method)) {
// Given that certain system apps can hold MOUNT_UNMOUNT permission, but only apps
// signed with platform signature can hold MANAGE_DOCUMENTS, we are going to check for
// MANAGE_DOCUMENTS or associated URI permission here instead
final Uri rootUri = extras.getParcelable(DocumentsContract.EXTRA_URI);
final Uri rootUri = extraUri;
enforceWritePermissionInner(rootUri, getCallingPackage(), getCallingAttributionTag(),
null);
@@ -1090,7 +1101,7 @@ public abstract class DocumentsProvider extends ContentProvider {
return out;
}
final Uri documentUri = extras.getParcelable(DocumentsContract.EXTRA_URI);
final Uri documentUri = extraUri;
final String authority = documentUri.getAuthority();
final String documentId = DocumentsContract.getDocumentId(documentUri);
@@ -1106,7 +1117,7 @@ public abstract class DocumentsProvider extends ContentProvider {
enforceReadPermissionInner(documentUri, getCallingPackage(),
getCallingAttributionTag(), null);
final Uri childUri = extras.getParcelable(DocumentsContract.EXTRA_TARGET_URI);
final Uri childUri = extraTargetUri;
final String childAuthority = childUri.getAuthority();
final String childId = DocumentsContract.getDocumentId(childUri);
@@ -1173,7 +1184,7 @@ public abstract class DocumentsProvider extends ContentProvider {
revokeDocumentPermission(documentId);
} else if (METHOD_COPY_DOCUMENT.equals(method)) {
final Uri targetUri = extras.getParcelable(DocumentsContract.EXTRA_TARGET_URI);
final Uri targetUri = extraTargetUri;
final String targetId = DocumentsContract.getDocumentId(targetUri);
enforceReadPermissionInner(documentUri, getCallingPackage(),
@@ -1197,9 +1208,9 @@ public abstract class DocumentsProvider extends ContentProvider {
}
} else if (METHOD_MOVE_DOCUMENT.equals(method)) {
final Uri parentSourceUri = extras.getParcelable(DocumentsContract.EXTRA_PARENT_URI);
final Uri parentSourceUri = extraParentUri;
final String parentSourceId = DocumentsContract.getDocumentId(parentSourceUri);
final Uri targetUri = extras.getParcelable(DocumentsContract.EXTRA_TARGET_URI);
final Uri targetUri = extraTargetUri;
final String targetId = DocumentsContract.getDocumentId(targetUri);
enforceWritePermissionInner(documentUri, getCallingPackage(),
@@ -1225,7 +1236,7 @@ public abstract class DocumentsProvider extends ContentProvider {
}
} else if (METHOD_REMOVE_DOCUMENT.equals(method)) {
final Uri parentSourceUri = extras.getParcelable(DocumentsContract.EXTRA_PARENT_URI);
final Uri parentSourceUri = extraParentUri;
final String parentSourceId = DocumentsContract.getDocumentId(parentSourceUri);
enforceReadPermissionInner(parentSourceUri, getCallingPackage(),