hacky workaround to determine if uri points to private file on < lolipop

This commit is contained in:
Daniel Gultsch 2016-04-13 11:14:36 +02:00
parent 4332b0df44
commit 594e65bb2b
3 changed files with 25 additions and 9 deletions

View file

@ -693,13 +693,29 @@ public class FileBackend {
}
public static boolean weOwnFile(Uri uri) {
if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP) {
public static boolean weOwnFile(Context context, Uri uri) {
if (uri == null || !ContentResolver.SCHEME_FILE.equals(uri.getScheme())) {
return false;
} else if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP) {
return fileIsInFilesDir(context, uri);
} else {
return uri != null
&& ContentResolver.SCHEME_FILE.equals(uri.getScheme())
&& weOwnFileLollipop(uri);
return weOwnFileLollipop(uri);
}
}
/**
* This is more than hacky but probably way better than doing nothing
* Further 'optimizations' might contain to get the parents of CacheDir and NoBackupDir
* and check against those as well
*/
private static boolean fileIsInFilesDir(Context context, Uri uri) {
try {
final String haystack = context.getFilesDir().getParentFile().getCanonicalPath();
final String needle = new File(uri.getPath()).getCanonicalPath();
return needle.startsWith(haystack);
} catch (IOException e) {
return false;
}
}

View file

@ -403,7 +403,7 @@ public class XmppConnectionService extends Service implements OnPhoneContactsLoa
public void attachFileToConversation(final Conversation conversation,
final Uri uri,
final UiCallback<Message> callback) {
if (FileBackend.weOwnFile(uri)) {
if (FileBackend.weOwnFile(this, uri)) {
Log.d(Config.LOGTAG,"trying to attach file that belonged to us");
callback.error(R.string.security_error_invalid_file_access, null);
return;
@ -446,7 +446,7 @@ public class XmppConnectionService extends Service implements OnPhoneContactsLoa
}
public void attachImageToConversation(final Conversation conversation, final Uri uri, final UiCallback<Message> callback) {
if (FileBackend.weOwnFile(uri)) {
if (FileBackend.weOwnFile(this, uri)) {
Log.d(Config.LOGTAG,"trying to attach file that belonged to us");
callback.error(R.string.security_error_invalid_file_access, null);
return;

View file

@ -191,7 +191,7 @@ public class PublishProfilePictureActivity extends XmppActivity {
Uri source = data.getData();
switch (requestCode) {
case REQUEST_CHOOSE_FILE_AND_CROP:
if (FileBackend.weOwnFile(source)) {
if (FileBackend.weOwnFile(this, source)) {
Toast.makeText(this,R.string.security_error_invalid_file_access,Toast.LENGTH_SHORT).show();
return;
}
@ -204,7 +204,7 @@ public class PublishProfilePictureActivity extends XmppActivity {
Crop.of(source, destination).asSquare().withMaxSize(size, size).start(this);
break;
case REQUEST_CHOOSE_FILE:
if (FileBackend.weOwnFile(source)) {
if (FileBackend.weOwnFile(this, source)) {
Toast.makeText(this,R.string.security_error_invalid_file_access,Toast.LENGTH_SHORT).show();
return;
}