prevent receiving (as share with target) file URIs
as Element (Matrix client) demonstrated again file URIs are unnecessarily dangerous. On Android 7+ there is no good reason to process them anymore
This commit is contained in:
Daniel Gultsch
parent
2ac4efa259
commit
86b733e159
|
|
@ -370,29 +370,35 @@ public class FileBackend {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public static boolean weOwnFile(final Uri uri) {
|
public static boolean dangerousFile(final Uri uri) {
|
||||||
if (uri == null || !ContentResolver.SCHEME_FILE.equals(uri.getScheme())) {
|
if (uri == null || Strings.isNullOrEmpty(uri.getScheme())) {
|
||||||
return false;
|
return true;
|
||||||
} else {
|
|
||||||
return weOwnFileLollipop(uri);
|
|
||||||
}
|
}
|
||||||
|
if (ContentResolver.SCHEME_FILE.equals(uri.getScheme())) {
|
||||||
|
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) {
|
||||||
|
// On Android 7 (and apps that target 7) it is now longer possible to share files
|
||||||
|
// with a file scheme. By now you should probably not be running apps that target
|
||||||
|
// anything less than 7 any more
|
||||||
|
return true;
|
||||||
|
} else {
|
||||||
|
return isFileOwnedByProcess(uri);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
private static boolean weOwnFileLollipop(final Uri uri) {
|
private static boolean isFileOwnedByProcess(final Uri uri) {
|
||||||
final String path = uri.getPath();
|
final String path = uri.getPath();
|
||||||
if (path == null) {
|
if (path == null) {
|
||||||
return false;
|
return true;
|
||||||
}
|
}
|
||||||
try {
|
try (final var pfd =
|
||||||
File file = new File(path);
|
ParcelFileDescriptor.open(new File(path), ParcelFileDescriptor.MODE_READ_ONLY)) {
|
||||||
FileDescriptor fd =
|
final FileDescriptor fd = pfd.getFileDescriptor();
|
||||||
ParcelFileDescriptor.open(file, ParcelFileDescriptor.MODE_READ_ONLY)
|
final StructStat st = Os.fstat(fd);
|
||||||
.getFileDescriptor();
|
|
||||||
StructStat st = Os.fstat(fd);
|
|
||||||
return st.st_uid == android.os.Process.myUid();
|
return st.st_uid == android.os.Process.myUid();
|
||||||
} catch (FileNotFoundException e) {
|
} catch (final Exception e) {
|
||||||
return false;
|
// when in doubt. better safe than sorry
|
||||||
} catch (Exception e) {
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -2619,10 +2619,10 @@ public class ConversationFragment extends XmppFragment
|
||||||
final Iterator<Uri> iterator = uris.iterator();
|
final Iterator<Uri> iterator = uris.iterator();
|
||||||
while (iterator.hasNext()) {
|
while (iterator.hasNext()) {
|
||||||
final Uri uri = iterator.next();
|
final Uri uri = iterator.next();
|
||||||
if (FileBackend.weOwnFile(uri)) {
|
if (FileBackend.dangerousFile(uri)) {
|
||||||
iterator.remove();
|
iterator.remove();
|
||||||
Toast.makeText(
|
Toast.makeText(
|
||||||
getActivity(),
|
requireActivity(),
|
||||||
R.string.security_violation_not_attaching_file,
|
R.string.security_violation_not_attaching_file,
|
||||||
Toast.LENGTH_SHORT)
|
Toast.LENGTH_SHORT)
|
||||||
.show();
|
.show();
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue