Fix WebView vulnerability by disallowing file access

Fix webvuew vulnerability inside captiveportal activity by disallowing access private file in app's sandbox. Bug: 150610071 Test: Build Change-Id: I67e695478476b6ee9cf21ed41213f25441d9776a
2020-04-24 12:26:04 -07:00
parent 5387ec284c
commit fef654fffc
1 changed files with 1 additions and 0 deletions
--- a/packages/CarrierDefaultApp/src/com/android/carrierdefaultapp/CaptivePortalLoginActivity.java
+++ b/packages/CarrierDefaultApp/src/com/android/carrierdefaultapp/CaptivePortalLoginActivity.java
@@ -106,6 +106,7 @@ public class CaptivePortalLoginActivity extends Activity {
        webSettings.setSupportZoom(true);
        webSettings.setBuiltInZoomControls(true);
        webSettings.setDomStorageEnabled(true);
+        webSettings.setAllowFileAccess(false);
        mWebViewClient = new MyWebViewClient();
        mWebView.setWebViewClient(mWebViewClient);
        mWebView.setWebChromeClient(new MyWebChromeClient());