Use canonical path before checking access. Prevents possible change on symlink between checkAcess() and ParcelFileDescriptor.open(). Test: run poc 10+ times. atest CtsProviderTestCases Bug: 124329382 Change-Id: Ic796137dd2f3b6ef3fe1833a41016a525481f3f6 Merged-In: Iaef53bb86225a029c619905c2283c3f50a8a646c

commit: 93a200d703624bb38453c59a1ed6ecf6c626e5ad [log] [tgz]
author: Dongwon Kang <dwkang@google.com> Mon Apr 08 15:40:32 2019 -0700
committer: Dongwon Kang <dwkang@google.com> Tue Apr 09 16:34:12 2019 +0000
tree: 4c90408341c0184e944647e621120470be5120f5
parent: 7d2d26d85ef8b4ad6f65e0a6a4891c10cd5467de [diff]
diff --git a/src/com/android/providers/media/MediaProvider.java b/src/com/android/providers/media/MediaProvider.java
index 4a87e33..b3ecabc 100644
--- a/src/com/android/providers/media/MediaProvider.java
+++ b/src/com/android/providers/media/MediaProvider.java

@@ -4858,6 +4858,11 @@
         final int modeBits = ParcelFileDescriptor.parseMode(mode);
 
         File file = queryForDataFile(uri);
+        try {
+            file = file.getCanonicalFile();
+        } catch (IOException e) {
+            throw new FileNotFoundException("Failed to get cannonical path for " + uri);
+        }
 
         checkAccess(uri, file, modeBits);
commit	93a200d703624bb38453c59a1ed6ecf6c626e5ad	[log] [tgz]
author	Dongwon Kang <dwkang@google.com>	Mon Apr 08 15:40:32 2019 -0700
committer	Dongwon Kang <dwkang@google.com>	Tue Apr 09 16:34:12 2019 +0000
tree	4c90408341c0184e944647e621120470be5120f5
parent	7d2d26d85ef8b4ad6f65e0a6a4891c10cd5467de [diff]