Prevent malicious app that could return private file from another package when sharing file in chat
This commit is contained in:
Sylvain Berfini
parent
546db7355b
commit
d4d95b7835
2 changed files with 24 additions and 1 deletions
|
|
@ -389,7 +389,12 @@ class MainActivity : GenericActivity(), SnackBarActivity, NavController.OnDestin
|
||||||
// Prevent this intent to be processed again
|
// Prevent this intent to be processed again
|
||||||
intent.action = null
|
intent.action = null
|
||||||
intent.data = null
|
intent.data = null
|
||||||
intent.extras?.clear()
|
val extras = intent.extras
|
||||||
|
if (extras != null) {
|
||||||
|
for (key in extras.keySet()) {
|
||||||
|
intent.removeExtra(key)
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private fun handleMainIntent(intent: Intent) {
|
private fun handleMainIntent(intent: Intent) {
|
||||||
|
|
|
||||||
|
|
@ -26,7 +26,10 @@ import android.content.Intent
|
||||||
import android.database.CursorIndexOutOfBoundsException
|
import android.database.CursorIndexOutOfBoundsException
|
||||||
import android.net.Uri
|
import android.net.Uri
|
||||||
import android.os.Environment
|
import android.os.Environment
|
||||||
|
import android.os.ParcelFileDescriptor
|
||||||
|
import android.os.Process.myUid
|
||||||
import android.provider.OpenableColumns
|
import android.provider.OpenableColumns
|
||||||
|
import android.system.Os.fstat
|
||||||
import android.webkit.MimeTypeMap
|
import android.webkit.MimeTypeMap
|
||||||
import androidx.core.content.FileProvider
|
import androidx.core.content.FileProvider
|
||||||
import java.io.*
|
import java.io.*
|
||||||
|
|
@ -270,6 +273,21 @@ class FileUtils {
|
||||||
var result: String? = null
|
var result: String? = null
|
||||||
val name: String = getNameFromUri(uri, context)
|
val name: String = getNameFromUri(uri, context)
|
||||||
|
|
||||||
|
try {
|
||||||
|
if (fstat(
|
||||||
|
ParcelFileDescriptor.open(
|
||||||
|
File(uri.path),
|
||||||
|
ParcelFileDescriptor.MODE_READ_ONLY
|
||||||
|
).fileDescriptor
|
||||||
|
).st_uid != myUid()
|
||||||
|
) {
|
||||||
|
Log.e("[File Utils] File descriptor UID different from our, denying copy!")
|
||||||
|
return result
|
||||||
|
}
|
||||||
|
} catch (e: Exception) {
|
||||||
|
Log.e("[File Utils] Can't check file ownership: ", e)
|
||||||
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
val localFile: File = createFile(name)
|
val localFile: File = createFile(name)
|
||||||
val remoteFile =
|
val remoteFile =
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue