hacky workaround to determine if uri points to private file on < lolipop

2016-04-13 11:14:36 +02:00 · 2016-04-13 11:14:36 +02:00 · 594e65bb2b
parent 4332b0df44
commit 594e65bb2b
3 changed files with 25 additions and 9 deletions
--- a/src/main/java/eu/siacs/conversations/persistance/FileBackend.java
+++ b/src/main/java/eu/siacs/conversations/persistance/FileBackend.java
@ -693,13 +693,29 @@ public class FileBackend {
 	}


-	public static boolean weOwnFile(Uri uri) {
-		if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP) {
+	public static boolean weOwnFile(Context context, Uri uri) {
+		if (uri == null || !ContentResolver.SCHEME_FILE.equals(uri.getScheme())) {
 			return false;
+		} else if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP) {
+			return fileIsInFilesDir(context, uri);
 		} else {
-			return uri != null
-					&& ContentResolver.SCHEME_FILE.equals(uri.getScheme())
-					&& weOwnFileLollipop(uri);
+			return weOwnFileLollipop(uri);
+		}
+	}
+
+
+	/**
+	 * This is more than hacky but probably way better than doing nothing
+	 * Further 'optimizations' might contain to get the parents of CacheDir and NoBackupDir
+	 * and check against those as well
+	 */
+	private static boolean fileIsInFilesDir(Context context, Uri uri) {
+		try {
+			final String haystack = context.getFilesDir().getParentFile().getCanonicalPath();
+			final String needle = new File(uri.getPath()).getCanonicalPath();
+			return needle.startsWith(haystack);
+		} catch (IOException e) {
+			return false;
 		}
 	}

--- a/src/main/java/eu/siacs/conversations/services/XmppConnectionService.java
+++ b/src/main/java/eu/siacs/conversations/services/XmppConnectionService.java
@ -403,7 +403,7 @@ public class XmppConnectionService extends Service implements OnPhoneContactsLoa
 	public void attachFileToConversation(final Conversation conversation,
 										 final Uri uri,
 										 final UiCallback<Message> callback) {
-		if (FileBackend.weOwnFile(uri)) {
+		if (FileBackend.weOwnFile(this, uri)) {
 			Log.d(Config.LOGTAG,"trying to attach file that belonged to us");
 			callback.error(R.string.security_error_invalid_file_access, null);
 			return;
@ -446,7 +446,7 @@ public class XmppConnectionService extends Service implements OnPhoneContactsLoa
 	}

 	public void attachImageToConversation(final Conversation conversation, final Uri uri, final UiCallback<Message> callback) {
-		if (FileBackend.weOwnFile(uri)) {
+		if (FileBackend.weOwnFile(this, uri)) {
 			Log.d(Config.LOGTAG,"trying to attach file that belonged to us");
 			callback.error(R.string.security_error_invalid_file_access, null);
 			return;
--- a/src/main/java/eu/siacs/conversations/ui/PublishProfilePictureActivity.java
+++ b/src/main/java/eu/siacs/conversations/ui/PublishProfilePictureActivity.java
@ -191,7 +191,7 @@ public class PublishProfilePictureActivity extends XmppActivity {
 			Uri source = data.getData();
 			switch (requestCode) {
 				case REQUEST_CHOOSE_FILE_AND_CROP:
-					if (FileBackend.weOwnFile(source)) {
+					if (FileBackend.weOwnFile(this, source)) {
 						Toast.makeText(this,R.string.security_error_invalid_file_access,Toast.LENGTH_SHORT).show();
 						return;
 					}
@ -204,7 +204,7 @@ public class PublishProfilePictureActivity extends XmppActivity {
 					Crop.of(source, destination).asSquare().withMaxSize(size, size).start(this);
 					break;
 				case REQUEST_CHOOSE_FILE:
-					if (FileBackend.weOwnFile(source)) {
+					if (FileBackend.weOwnFile(this, source)) {
 						Toast.makeText(this,R.string.security_error_invalid_file_access,Toast.LENGTH_SHORT).show();
 						return;
 					}