commit | 93a200d703624bb38453c59a1ed6ecf6c626e5ad | [log] [tgz] |
---|---|---|
author | Dongwon Kang <dwkang@google.com> | Mon Apr 08 15:40:32 2019 -0700 |
committer | Dongwon Kang <dwkang@google.com> | Tue Apr 09 16:34:12 2019 +0000 |
tree | 4c90408341c0184e944647e621120470be5120f5 | |
parent | 7d2d26d85ef8b4ad6f65e0a6a4891c10cd5467de [diff] |
Use canonical path before checking access. Prevents possible change on symlink between checkAcess() and ParcelFileDescriptor.open(). Test: run poc 10+ times. atest CtsProviderTestCases Bug: 124329382 Change-Id: Ic796137dd2f3b6ef3fe1833a41016a525481f3f6 Merged-In: Iaef53bb86225a029c619905c2283c3f50a8a646c
diff --git a/src/com/android/providers/media/MediaProvider.java b/src/com/android/providers/media/MediaProvider.java index 4a87e33..b3ecabc 100644 --- a/src/com/android/providers/media/MediaProvider.java +++ b/src/com/android/providers/media/MediaProvider.java
@@ -4858,6 +4858,11 @@ final int modeBits = ParcelFileDescriptor.parseMode(mode); File file = queryForDataFile(uri); + try { + file = file.getCanonicalFile(); + } catch (IOException e) { + throw new FileNotFoundException("Failed to get cannonical path for " + uri); + } checkAccess(uri, file, modeBits);