Add README am: 3aeba4cab6 am: 591bf2432c
Original change: https://android-review.googlesource.com/c/platform/packages/apps/Messaging/+/2614297
Change-Id: I6fa9f9f108e9af79cadd6679b1e2c12d0cb6df19
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/src/com/android/messaging/ui/conversation/LaunchConversationActivity.java b/src/com/android/messaging/ui/conversation/LaunchConversationActivity.java
index 5500ae8..c869839 100644
--- a/src/com/android/messaging/ui/conversation/LaunchConversationActivity.java
+++ b/src/com/android/messaging/ui/conversation/LaunchConversationActivity.java
@@ -37,6 +37,8 @@
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
+import java.util.ArrayList;
+import java.util.List;
/**
* Launches ConversationActivity for sending a message to, or viewing messages from, a specific
@@ -46,6 +48,7 @@
*/
public class LaunchConversationActivity extends Activity implements
LaunchConversationData.LaunchConversationDataListener {
+ private static final int MAX_RECIPIENT_LENGTH = 100;
static final String SMS_BODY = "sms_body";
static final String ADDRESS = "address";
final Binding<LaunchConversationData> mBinding = BindingBase.createBinding(this);
@@ -76,6 +79,9 @@
recipients = new String[] { intent.getStringExtra(Intent.EXTRA_EMAIL) };
}
}
+ if (recipients != null) {
+ recipients = trimInvalidRecipients(recipients);
+ }
mSmsBody = intent.getStringExtra(SMS_BODY);
if (TextUtils.isEmpty(mSmsBody)) {
// Used by intents sent from the web YouTube (and perhaps others).
@@ -103,6 +109,20 @@
finish();
}
+ private String[] trimInvalidRecipients(String[] recipients) {
+ List<String> trimmedRecipients = new ArrayList<>();
+ for (String recipient : recipients) {
+ if (recipient.length() < MAX_RECIPIENT_LENGTH) {
+ trimmedRecipients.add(recipient);
+ }
+ }
+ if (trimmedRecipients.size() > 0) {
+ return trimmedRecipients.toArray(new String[0]);
+ } else {
+ return null;
+ }
+ }
+
private String getBody(final Uri uri) {
if (uri == null) {
return null;
diff --git a/src/com/android/messaging/util/FileUtil.java b/src/com/android/messaging/util/FileUtil.java
index 71fbb4b..e7d86f2 100644
--- a/src/com/android/messaging/util/FileUtil.java
+++ b/src/com/android/messaging/util/FileUtil.java
@@ -20,6 +20,7 @@
import android.content.Context;
import android.net.Uri;
import android.os.Environment;
+import android.os.ParcelFileDescriptor;
import android.text.TextUtils;
import com.android.messaging.Factory;
@@ -28,6 +29,8 @@
import java.io.File;
import java.io.IOException;
+import java.nio.file.Path;
+import java.nio.file.Paths;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
@@ -121,6 +124,10 @@
// We're told it's possible to create world readable hardlinks to other apps private data
// so we ban all /data file uris.
public static boolean isInPrivateDir(Uri uri) {
+ return isFileUriInPrivateDir(uri) || isContentUriInPrivateDir(uri);
+ }
+
+ private static boolean isFileUriInPrivateDir(Uri uri) {
if (!UriUtil.isFileUri(uri)) {
return false;
}
@@ -128,6 +135,24 @@
return FileUtil.isSameOrSubDirectory(Environment.getDataDirectory(), file);
}
+ private static boolean isContentUriInPrivateDir(Uri uri) {
+ if (!uri.getScheme().equals(ContentResolver.SCHEME_CONTENT)) {
+ return false;
+ }
+ try {
+ Context context = Factory.get().getApplicationContext();
+ ParcelFileDescriptor pfd = context.getContentResolver().openFileDescriptor(uri, "r");
+ int fd = pfd.getFd();
+ // Use the file descriptor to find out the read file path through symbolic link.
+ Path fdPath = Paths.get("/proc/self/fd/" + fd);
+ Path filePath = java.nio.file.Files.readSymbolicLink(fdPath);
+ pfd.close();
+ return FileUtil.isSameOrSubDirectory(Environment.getDataDirectory(), filePath.toFile());
+ } catch (Exception e) {
+ return false;
+ }
+ }
+
/**
* Checks, whether the child directory is the same as, or a sub-directory of the base
* directory.