Messaging doesn't allow sharing of its own files
-Previously, Messaging allowed sharing of any file it had permission
to reach. This meant that bad apps could share a link to
file:///data/data/com.android.messaging/databases/bugle_db
and Messaging would happily send all this sensitive information to
the target. Worse, a bad app could share a softlink to this file,
where the symlink was picture.jpg with the image/jpg type.
-Now, when sanitizing attachments, we make sure any filepaths don't
lead to any Bugle-specific directories.
-getApplicationInfo().dataDir is a symlink to
/data/data/com.android.messaging, and appears to be the
only directory where we store personal data.
-Most apps share as contentUris, including Messaging, so Messaging
can still share to itself.
Change-Id: Ic464bc1f099029a030793c478aaf88b957d8bad1
Fixes:28076752
diff --git a/src/com/android/messaging/ui/conversationlist/ShareIntentActivity.java b/src/com/android/messaging/ui/conversationlist/ShareIntentActivity.java
index ef7fcef..396f1da 100644
--- a/src/com/android/messaging/ui/conversationlist/ShareIntentActivity.java
+++ b/src/com/android/messaging/ui/conversationlist/ShareIntentActivity.java
@@ -34,6 +34,7 @@
import com.android.messaging.util.ContentType;
import com.android.messaging.util.LogUtil;
import com.android.messaging.util.MediaMetadataRetrieverWrapper;
+import com.android.messaging.util.FileUtil;
import java.io.IOException;
import java.util.ArrayList;
@@ -158,8 +159,12 @@
}
private void addSharedImagePartToDraft(final String contentType, final Uri imageUri) {
- mDraftMessage.addPart(PendingAttachmentData.createPendingAttachmentData(contentType,
- imageUri));
+ if (FileUtil.isInPrivateDir(getBaseContext(), imageUri)) {
+ Assert.fail("Cannot send private file " + imageUri.toString());
+ } else {
+ mDraftMessage.addPart(PendingAttachmentData.createPendingAttachmentData(contentType,
+ imageUri));
+ }
}
@Override
diff --git a/src/com/android/messaging/util/FileUtil.java b/src/com/android/messaging/util/FileUtil.java
index 7c47ae9..f8051ed 100644
--- a/src/com/android/messaging/util/FileUtil.java
+++ b/src/com/android/messaging/util/FileUtil.java
@@ -16,7 +16,10 @@
package com.android.messaging.util;
+import android.content.ContentResolver;
import android.content.Context;
+import android.net.Uri;
+import android.text.TextUtils;
import android.webkit.MimeTypeMap;
import com.android.messaging.Factory;
@@ -116,6 +119,20 @@
}
}
+ private static boolean isFileUri(final Uri uri) {
+ return TextUtils.equals(uri.getScheme(), ContentResolver.SCHEME_FILE);
+ }
+
+ // Checks if the file is in /data/data/com.android.messaging
+ // The other app folders are either symlinks to this, or hold non-private data like binaries.
+ public static boolean isInPrivateDir(Context context, Uri uri) {
+ if (!isFileUri(uri)) {
+ return false;
+ }
+ final File file = new File(uri.getPath());
+ return FileUtil.isSameOrSubDirectory(new File(context.getApplicationInfo().dataDir), file);
+ }
+
/**
* Checks, whether the child directory is the same as, or a sub-directory of the base
* directory.