Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Prevent sharesheet from previewing unowned URIs

Browse Source 
Bug: 261036568
Test: manually via supplied tool (see bug)
Change-Id: I21accf6f753d2f676f1602d6e1ce829c5ef29e9a
Merged-In: I582bacca197d814204b48b917a550f72dbde87d6
Merged-In: Ib3f5839d00c7cf09bca3b01fc0a8a6f0f4960993
Merged-In: Iee1a75ef6ecbf471badeb42d8ebea11e74d884c1
Merged-In: I83e93c373538460e38ec17f1fd8e39d7aea95c10
This commit is contained in:
Mark Renouf
2023-02-22 15:14:08 +00:00
parent 81224e6f76
commit 3062b80fb2
1 changed files with 34 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
core/java/com/android/internal/app/ChooserActivity.java
View File

@@ -16,6 +16,8 @@
package com.android.internal.app;
import static android.content.ContentProvider.getUserIdFromUri;
import static java.lang.annotation.RetentionPolicy.SOURCE;
import android.animation.Animator;
@@ -148,6 +150,7 @@ import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
/**
* The Chooser Activity handles intent resolution specifically for sharing intents -
@@ -1301,7 +1304,7 @@ public class ChooserActivity extends ResolverActivity implements
ImageView previewThumbnailView = contentPreviewLayout.findViewById(
R.id.content_preview_thumbnail);
if (previewThumbnail == null) {
if (!validForContentPreview(previewThumbnail)) {
previewThumbnailView.setVisibility(View.GONE);
} else {
mPreviewCoord = new ContentPreviewCoordinator(contentPreviewLayout, false);
@@ -1327,6 +1330,10 @@ public class ChooserActivity extends ResolverActivity implements
String action = targetIntent.getAction();
if (Intent.ACTION_SEND.equals(action)) {
Uri uri = targetIntent.getParcelableExtra(Intent.EXTRA_STREAM);
if (!validForContentPreview(uri)) {
contentPreviewLayout.setVisibility(View.GONE);
return contentPreviewLayout;
}
mPreviewCoord.loadUriIntoView(R.id.content_preview_image_1_large, uri, 0);
} else {
ContentResolver resolver = getContentResolver();
@@ -1334,7 +1341,7 @@ public class ChooserActivity extends ResolverActivity implements
List<Uri> uris = targetIntent.getParcelableArrayListExtra(Intent.EXTRA_STREAM);
List<Uri> imageUris = new ArrayList<>();
for (Uri uri : uris) {
if (isImageType(resolver.getType(uri))) {
if (validForContentPreview(uri) && isImageType(resolver.getType(uri))) {
imageUris.add(uri);
}
}
@@ -1441,9 +1448,16 @@ public class ChooserActivity extends ResolverActivity implements
String action = targetIntent.getAction();
if (Intent.ACTION_SEND.equals(action)) {
Uri uri = targetIntent.getParcelableExtra(Intent.EXTRA_STREAM);
if (!validForContentPreview(uri)) {
contentPreviewLayout.setVisibility(View.GONE);
return contentPreviewLayout;
}
loadFileUriIntoView(uri, contentPreviewLayout);
} else {
List<Uri> uris = targetIntent.getParcelableArrayListExtra(Intent.EXTRA_STREAM);
uris = uris.stream()
.filter(ChooserActivity::validForContentPreview)
.collect(Collectors.toList());
int uriCount = uris.size();
if (uriCount == 0) {
@@ -1497,6 +1511,24 @@ public class ChooserActivity extends ResolverActivity implements
}
}
/**
* Indicate if the incoming content URI should be allowed.
*
* @param uri the uri to test
* @return true if the URI is allowed for content preview
*/
private static boolean validForContentPreview(Uri uri) throws SecurityException {
if (uri == null) {
return false;
}
int userId = getUserIdFromUri(uri, UserHandle.USER_CURRENT);
if (userId != UserHandle.USER_CURRENT && userId != UserHandle.myUserId()) {
Log.e(TAG, "dropped invalid content URI belonging to user " + userId);
return false;
}
return true;
}
@VisibleForTesting
protected boolean isImageType(String mimeType) {
return mimeType != null && mimeType.startsWith("image/");