Google Git
Sign in
android / platform / packages / apps / Gallery2 / refs/heads/android12L-dev
commit5cc923fa21413c031d99a9e5b9760dca0bf67b61[log] [tgz]
authorRaman Tenneti <rtenneti@google.com>Wed Jan 05 12:04:39 2022 -0800
committerRaman Tenneti <rtenneti@google.com>Wed Jan 05 21:57:36 2022 +0000
treedb16c06b258a76a3bf00ee148c5abcf1c939302f
parent83cb6ed2e4e860b20ae2d993b58df8b9f4ab1e82 [diff]
AOSP/Gallery2 - Disable copying of arbitrary private file of Gallery2 into External Storage.

+ ContentResolver.SCHEME_FILE is a constant defined as "file". A malicious
  app can use "File:" url to copy private files of Gallery2.

  Fix is to lowercase the scheme before doing the comparison.

Fix: 201535427
Bug: 201535427
Test: manual
Change-Id: I40672a0745ac65549c539da73ebb5b1710fd2821
(cherry picked from commit 0acea168f86f938bc99d872a79558b46e4b61c39)
1 file changed
tree: db16c06b258a76a3bf00ee148c5abcf1c939302f
  1. gallerycommon/
  2. jni/
  3. jni_jpegstream/
  4. res/
  5. src/
  6. src_pd/
  7. .gitignore
  8. Android.bp
  9. AndroidManifest.xml
  10. CleanSpec.mk
  11. jarjar-rules.txt
  12. OWNERS
  13. proguard.flags