commit | 5cc923fa21413c031d99a9e5b9760dca0bf67b61 | [log] [tgz] |
---|---|---|
author | Raman Tenneti <rtenneti@google.com> | Wed Jan 05 12:04:39 2022 -0800 |
committer | Raman Tenneti <rtenneti@google.com> | Wed Jan 05 21:57:36 2022 +0000 |
tree | db16c06b258a76a3bf00ee148c5abcf1c939302f | |
parent | 83cb6ed2e4e860b20ae2d993b58df8b9f4ab1e82 [diff] |
AOSP/Gallery2 - Disable copying of arbitrary private file of Gallery2 into External Storage. + ContentResolver.SCHEME_FILE is a constant defined as "file". A malicious app can use "File:" url to copy private files of Gallery2. Fix is to lowercase the scheme before doing the comparison. Fix: 201535427 Bug: 201535427 Test: manual Change-Id: I40672a0745ac65549c539da73ebb5b1710fd2821 (cherry picked from commit 0acea168f86f938bc99d872a79558b46e4b61c39)