Sanity-check paths of files to be restored (cherry picked from commit 7d51cc701a6735cf455af8479f56c9c0b2109e02) Bug: 16298491 Change-Id: I0c2d6523c9d152dad4d27d06d3853afd432e5af7

commit: 7bc601d5d7c4586c62ca72e3a9ac4dba1c0c2707 [log] [tgz]
author: Jeff Vander Stoep <jeffv@google.com> Mon Sep 22 15:15:58 2014 -0700
committer: Jeffrey Vander Stoep <jeffv@google.com> Mon Sep 22 23:21:20 2014 +0000
tree: 15fabe75994e72875ba91c30cde368385d53e46e
parent: 60f22fbf67a69e8f3604afb46ccd7c3bd2819cb1 [diff]
diff --git a/services/java/com/android/server/BackupManagerService.java b/services/java/com/android/server/BackupManagerService.java
index a537e99..2c88c32 100644
--- a/services/java/com/android/server/BackupManagerService.java
+++ b/services/java/com/android/server/BackupManagerService.java

@@ -3390,6 +3390,14 @@
                                 break;
                         }
 
+                        // The path needs to be canonical
+                        if (info.path.contains("..") || info.path.contains("//")) {
+                            if (MORE_DEBUG) {
+                                Slog.w(TAG, "Dropping invalid path " + info.path);
+                            }
+                            okay = false;
+                        }
+
                         // If the policy is satisfied, go ahead and set up to pipe the
                         // data to the agent.
                         if (DEBUG && okay && mAgent != null) {
commit	7bc601d5d7c4586c62ca72e3a9ac4dba1c0c2707	[log] [tgz]
author	Jeff Vander Stoep <jeffv@google.com>	Mon Sep 22 15:15:58 2014 -0700
committer	Jeffrey Vander Stoep <jeffv@google.com>	Mon Sep 22 23:21:20 2014 +0000
tree	15fabe75994e72875ba91c30cde368385d53e46e
parent	60f22fbf67a69e8f3604afb46ccd7c3bd2819cb1 [diff]