isDataOrObbPath blocks access to Android/[data|obb] dirs only
isDataOrObbPath is a check used to restrict apps from accessing
Android/data and Android/obb directories via FUSE. However, if the app
is trying to access another directory in Android/data or Android/obb,
then we should not return early and should check if they have access to
the app package directory.
This only affects secondary volumes, as primary volumes Android/data and
Android/obb directories do not go through FUSE.
Bug: 201667614
Test: atest FileUtilsTest
Change-Id: I9d73c8c1ed40efb8bc851e9f510d4f7453367308
Merged-In: I9d73c8c1ed40efb8bc851e9f510d4f7453367308
(cherry picked from commit fe79a43a890d9c54655b0ad0beeab58958aa1cfb)
(cherry picked from commit bae2794639a349d2f7b1a66915d89c51c9334164)
Merged-In: I9d73c8c1ed40efb8bc851e9f510d4f7453367308
diff --git a/src/com/android/providers/media/util/FileUtils.java b/src/com/android/providers/media/util/FileUtils.java
index 1c4edb3..bbf04de 100644
--- a/src/com/android/providers/media/util/FileUtils.java
+++ b/src/com/android/providers/media/util/FileUtils.java
@@ -973,12 +973,13 @@
"(?i)^Android/(?:data|media|obb)/([^/]+)(/?.*)?");
/**
- * Regex that matches Android/obb or Android/data path.
+ * Regex that matches exactly Android/obb or Android/data or Android/obb/ or Android/data/
+ * suffix absolute file path.
*/
private static final Pattern PATTERN_DATA_OR_OBB_PATH = Pattern.compile(
"(?i)^/storage/[^/]+/(?:[0-9]+/)?"
+ PROP_CROSS_USER_ROOT_PATTERN
- + "Android/(?:data|obb)(?:/.*)?$");
+ + "Android/(?:data|obb)/?$");
/**
* Regex that matches Android/obb or Android/data relative path (as defined in
diff --git a/tests/src/com/android/providers/media/util/FileUtilsTest.java b/tests/src/com/android/providers/media/util/FileUtilsTest.java
index 4704aa1..a1f2b82 100644
--- a/tests/src/com/android/providers/media/util/FileUtilsTest.java
+++ b/tests/src/com/android/providers/media/util/FileUtilsTest.java
@@ -1022,11 +1022,16 @@
assertThat(isDataOrObbPath("/storage/emulated/0/Android/obb")).isTrue();
assertThat(isDataOrObbPath("/storage/ABCD-1234/Android/data")).isTrue();
assertThat(isDataOrObbPath("/storage/ABCD-1234/Android/obb")).isTrue();
- assertThat(isDataOrObbPath("/storage/emulated/0/Android/data/foo")).isTrue();
- assertThat(isDataOrObbPath("/storage/emulated/0/Android/obb/foo")).isTrue();
- assertThat(isDataOrObbPath("/storage/ABCD-1234/Android/data/foo")).isTrue();
- assertThat(isDataOrObbPath("/storage/ABCD-1234/Android/obb/foo")).isTrue();
+ assertThat(isDataOrObbPath("/storage/emulated/0/Android/data/foo")).isFalse();
+ assertThat(isDataOrObbPath("/storage/emulated/0/Android/obb/foo")).isFalse();
+ assertThat(isDataOrObbPath("/storage/ABCD-1234/Android/data/foo")).isFalse();
+ assertThat(isDataOrObbPath("/storage/ABCD-1234/Android/obb/foo")).isFalse();
+ assertThat(isDataOrObbPath("/storage/emulated/10/Android/obb/foo")).isFalse();
+ assertThat(isDataOrObbPath("/storage/emulated//Android/obb/foo")).isFalse();
+ assertThat(isDataOrObbPath("/storage/emulated//Android/obb")).isFalse();
+ assertThat(isDataOrObbPath("/storage/emulated/0//Android/obb")).isFalse();
+ assertThat(isDataOrObbPath("/storage/emulated/0//Android/obb/foo")).isFalse();
assertThat(isDataOrObbPath("/storage/emulated/0/Android/")).isFalse();
assertThat(isDataOrObbPath("/storage/emulated/0/Android/media/")).isFalse();
assertThat(isDataOrObbPath("/storage/ABCD-1234/Android/media/")).isFalse();
