DO NOT MERGE - Merge pie-platform-release (PPRL.190105.001) into master

Bug: 122685541
Change-Id: I42d133a6a2714917a37d030ff894d5936f5c75bc
diff --git a/src/com/android/contacts/util/ContactPhotoUtils.java b/src/com/android/contacts/util/ContactPhotoUtils.java
index 943f5dd..d0e0658 100644
--- a/src/com/android/contacts/util/ContactPhotoUtils.java
+++ b/src/com/android/contacts/util/ContactPhotoUtils.java
@@ -18,6 +18,7 @@
 package com.android.contacts.util;
 
 import android.content.ClipData;
+import android.content.ContentResolver;
 import android.content.Context;
 import android.content.Intent;
 import android.graphics.Bitmap;
@@ -26,11 +27,9 @@
 import android.provider.MediaStore;
 import android.support.v4.content.FileProvider;
 import android.util.Log;
-
 import com.android.contacts.R;
 
 import com.google.common.io.Closeables;
-
 import java.io.ByteArrayOutputStream;
 import java.io.File;
 import java.io.FileNotFoundException;
@@ -148,7 +147,7 @@
      */
     public static boolean savePhotoFromUriToUri(Context context, Uri inputUri, Uri outputUri,
             boolean deleteAfterSave) {
-        if (inputUri == null || outputUri == null) {
+        if (inputUri == null || outputUri == null || isFilePathAndNotStorage(inputUri)) {
             return false;
         }
         try (FileOutputStream outputStream = context.getContentResolver()
@@ -175,4 +174,20 @@
         }
         return true;
     }
+
+    /**
+     * Returns {@code true} if the {@code inputUri} is a FILE scheme and it does not point to
+     * the storage directory.
+     */
+    private static boolean isFilePathAndNotStorage(Uri inputUri) {
+        if (ContentResolver.SCHEME_FILE.equals(inputUri.getScheme())) {
+            try {
+                File file = new File(inputUri.getPath()).getCanonicalFile();
+                return !file.getCanonicalPath().startsWith("/storage/");
+            } catch (IOException e) {
+                return false;
+            }
+        }
+        return false;
+    }
 }
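Review bot: The `catch (IOException e)` branch of isFilePathAndNotStorage returns false, which lets savePhotoFromUriToUri (the guard added in the hunk at line 147) proceed with a file URI whose path could not be canonicalized, so the check fails open in exactly the case where the path is least trustworthy; `} catch (IOException e) { return true; }` makes it fail closed. The `getCanonicalFile().getCanonicalPath()` chain canonicalizes twice; `new File(inputUri.getPath()).getCanonicalPath()` is equivalent. If `inputUri.getPath()` is null for a malformed file URI, `new File((String) null)` throws NullPointerException rather than IOException, so a guard such as `String path = inputUri.getPath(); if (path == null) { return true; }` before the File construction is worth adding. As written the check only applies to the `file` scheme, so content URIs still go straight to the resolver, which appears to be the intent.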
diff --git a/tests/src/com/android/contacts/util/ContactPhotoUtilsTest.java b/tests/src/com/android/contacts/util/ContactPhotoUtilsTest.java
new file mode 100644
index 0000000..d17b98c
--- /dev/null
+++ b/tests/src/com/android/contacts/util/ContactPhotoUtilsTest.java
@@ -0,0 +1,49 @@
+package com.android.contacts.util;
+
+import android.net.Uri;
+import android.test.AndroidTestCase;
+import android.test.suitebuilder.annotation.SmallTest;
+
+/**
+ * Test cases for {@link ContactPhotoUtils}.
+ *
+ * adb shell am instrument -w -e class com.android.contacts.util.ContactPhotoUtilsTest \
+ *   com.android.contacts.tests/android.test.InstrumentationTestRunner
+ */
+@SmallTest
+public class ContactPhotoUtilsTest extends AndroidTestCase {
+
+  private Uri tempUri;
+
+  @Override
+  protected void setUp() throws Exception {
+    tempUri = ContactPhotoUtils.generateTempImageUri(getContext());
+  }
+
+  protected void tearDown() throws Exception {
+    getContext().getContentResolver().delete(tempUri, null, null);
+  }
+
+  public void testFileUriDataPathFails() {
+    String filePath =
+        "file:///data/data/com.android.contacts/shared_prefs/com.android.contacts.xml";
+
+    assertFalse(
+        ContactPhotoUtils.savePhotoFromUriToUri(getContext(), Uri.parse(filePath), tempUri, false));
+  }
+
+  public void testFileUriCanonicalDataPathFails() {
+    String filePath =
+        "file:///storage/../data/data/com.android.contacts/shared_prefs/com.android.contacts.xml";
+
+    assertFalse(
+        ContactPhotoUtils.savePhotoFromUriToUri(getContext(), Uri.parse(filePath), tempUri, false));
+  }
+
+  public void testContentUriInternalPasses() {
+    Uri internal = ContactPhotoUtils.generateTempImageUri(getContext());
+
+    assertTrue(
+        ContactPhotoUtils.savePhotoFromUriToUri(getContext(), internal, tempUri, true));
+  }
+}
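Review bot: `tearDown` omits `@Override` and neither it nor `setUp` calls the superclass method, so AndroidTestCase's own setup and teardown are skipped; add `@Override` and `super.tearDown();` after the delete, and `super.setUp();` at the start of setUp. The three cases cover two rejected `file` paths and a content URI, but none exercises a `file` URI under `/storage/` that is expected to succeed, nor a path that cannot be canonicalized, so the helper's IOException branch is untested. The `testContentUriInternalPasses` case passes `deleteAfterSave` as true for a URI that is presumably the temp image; if that deletes the source rather than `tempUri`, the assertion still holds, but the intent is worth stating in a comment.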