Google Git
Sign in
android/platform/packages/apps/Gallery2/8e0a97b1757a2a27d61d354f4a5d3ea8507ba788^2..8e0a97b1757a2a27d61d354f4a5d3ea8507ba788/.
commit
8e0a97b1757a2a27d61d354f4a5d3ea8507ba788
[log] [tgz]
author
Henri Chataing <henrichataing@google.com>
Mon Mar 13 20:07:20 2023 +0000
committer
Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Mon Mar 13 20:07:20 2023 +0000
tree
1d69d75639ad49bb90da64f9ebd3f4864c954999
parent
d507c9be3490fe1c06212fb76f10829ba9d727db [diff]
parent
2823c66f49e562f7906e3ec4232c1f39a72fae8b [diff]
Merge "Remove Nfc beam sharing capability" am: 1ddae3e4a9 am: 6e9686146b am: 2823c66f49

Original change: https://android-review.googlesource.com/c/platform/packages/apps/Gallery2/+/2475610

Change-Id: I378f6a2279a48ef44e86a50029c9d7884fcc1db9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

diff --git a/src/com/android/gallery3d/data/MtpClient.java b/src/com/android/gallery3d/data/MtpClient.java
index 737b5b6..0b25bf9 100644
--- a/src/com/android/gallery3d/data/MtpClient.java
+++ b/src/com/android/gallery3d/data/MtpClient.java

@@ -172,7 +172,7 @@
         filter.addAction(UsbManager.ACTION_USB_DEVICE_ATTACHED);
         filter.addAction(UsbManager.ACTION_USB_DEVICE_DETACHED);
         filter.addAction(ACTION_USB_PERMISSION);
-        context.registerReceiver(mUsbReceiver, filter);
+        context.registerReceiver(mUsbReceiver, filter, Context.RECEIVER_EXPORTED/*UNAUDITED*/);
     }
 
     /**

diff --git a/src/com/android/gallery3d/filtershow/provider/SharedImageProvider.java b/src/com/android/gallery3d/filtershow/provider/SharedImageProvider.java
index bc17a6e..fc7ec60 100644
--- a/src/com/android/gallery3d/filtershow/provider/SharedImageProvider.java
+++ b/src/com/android/gallery3d/filtershow/provider/SharedImageProvider.java

@@ -29,16 +29,20 @@
 
 import java.io.File;
 import java.io.FileNotFoundException;
+import java.io.IOException;
 
 public class SharedImageProvider extends ContentProvider {
 
     private static final String LOGTAG = "SharedImageProvider";
 
     public static final String MIME_TYPE = "image/jpeg";
-    public static final String AUTHORITY = "com.android.gallery3d.filtershow.provider.SharedImageProvider";
+    public static final String AUTHORITY =
+            "com.android.gallery3d.filtershow.provider.SharedImageProvider";
     public static final Uri CONTENT_URI = Uri.parse("content://" + AUTHORITY + "/image");
     public static final String PREPARE = "prepare";
 
+    public static String LOCAL_PATH = (new File(CONTENT_URI.getPath())).getAbsolutePath();
+
     private final String[] mMimeStreamType = {
             MIME_TYPE
     };
@@ -83,13 +87,14 @@
     }
 
     @Override
-    public Cursor query(Uri uri, String[] projection, String selection, String[] selectionArgs, String sortOrder) {
+    public Cursor query(Uri uri, String[] projection, String selection, String[] selectionArgs,
+            String sortOrder) {
         String uriPath = uri.getLastPathSegment();
         if (uriPath == null) {
             return null;
         }
         if (projection == null) {
-            projection = new String[] {
+            projection = new String[]{
                     BaseColumns._ID,
                     MediaStore.MediaColumns.DATA,
                     OpenableColumns.DISPLAY_NAME,
@@ -130,8 +135,32 @@
         // Here we need to block until the image is ready
         mImageReadyCond.block();
         File path = new File(uriPath);
+        ensureValidImagePath(path);
         int imode = 0;
         imode |= ParcelFileDescriptor.MODE_READ_ONLY;
         return ParcelFileDescriptor.open(path, imode);
     }
+
+    /**
+     * Ensure that the provided file path is part of the image directory.
+     * Prevent unauthorized access to other directories by path traversal.
+     * Throw security exception for paths outside the directory.
+     *
+     * @param path The path of the file to check. This path is expected to point to the image
+     *             directory.
+     * @throws SecurityException     Throws SecurityException if the path is not part of the image
+     *                               directory.
+     * @throws FileNotFoundException Throws FileNotFoundException if there is
+     *                               no file associated with the given URI.
+     */
+    private void ensureValidImagePath(File path) throws FileNotFoundException {
+        try {
+            if (!path.getCanonicalPath().startsWith(LOCAL_PATH)) {
+                throw new SecurityException(
+                        "The requested file path is not part of the image directory");
+            }
+        } catch (IOException e) {
+            throw new FileNotFoundException(e.getMessage());
+        }
+    }
 }

diff --git a/src/com/android/gallery3d/ingest/data/MtpClient.java b/src/com/android/gallery3d/ingest/data/MtpClient.java
index cc6c9ce..3943a6d 100644
--- a/src/com/android/gallery3d/ingest/data/MtpClient.java
+++ b/src/com/android/gallery3d/ingest/data/MtpClient.java

@@ -170,7 +170,7 @@
     filter.addAction(UsbManager.ACTION_USB_DEVICE_ATTACHED);
     filter.addAction(UsbManager.ACTION_USB_DEVICE_DETACHED);
     filter.addAction(ACTION_USB_PERMISSION);
-    context.registerReceiver(mUsbReceiver, filter);
+    context.registerReceiver(mUsbReceiver, filter, Context.RECEIVER_EXPORTED/*UNAUDITED*/);
   }
 
   /**