hacky workaround to determine if uri points to private file on < lolipop

This commit is contained in:
Daniel Gultsch 2016-04-13 11:14:36 +02:00
parent 4332b0df44
commit 594e65bb2b
3 changed files with 25 additions and 9 deletions

View File

@ -693,13 +693,29 @@ public class FileBackend {
} }
public static boolean weOwnFile(Uri uri) { public static boolean weOwnFile(Context context, Uri uri) {
if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP) { if (uri == null || !ContentResolver.SCHEME_FILE.equals(uri.getScheme())) {
return false; return false;
} else if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP) {
return fileIsInFilesDir(context, uri);
} else { } else {
return uri != null return weOwnFileLollipop(uri);
&& ContentResolver.SCHEME_FILE.equals(uri.getScheme()) }
&& weOwnFileLollipop(uri); }
/**
* This is more than hacky but probably way better than doing nothing
* Further 'optimizations' might contain to get the parents of CacheDir and NoBackupDir
* and check against those as well
*/
private static boolean fileIsInFilesDir(Context context, Uri uri) {
try {
final String haystack = context.getFilesDir().getParentFile().getCanonicalPath();
final String needle = new File(uri.getPath()).getCanonicalPath();
return needle.startsWith(haystack);
} catch (IOException e) {
return false;
} }
} }

View File

@ -403,7 +403,7 @@ public class XmppConnectionService extends Service implements OnPhoneContactsLoa
public void attachFileToConversation(final Conversation conversation, public void attachFileToConversation(final Conversation conversation,
final Uri uri, final Uri uri,
final UiCallback<Message> callback) { final UiCallback<Message> callback) {
if (FileBackend.weOwnFile(uri)) { if (FileBackend.weOwnFile(this, uri)) {
Log.d(Config.LOGTAG,"trying to attach file that belonged to us"); Log.d(Config.LOGTAG,"trying to attach file that belonged to us");
callback.error(R.string.security_error_invalid_file_access, null); callback.error(R.string.security_error_invalid_file_access, null);
return; return;
@ -446,7 +446,7 @@ public class XmppConnectionService extends Service implements OnPhoneContactsLoa
} }
public void attachImageToConversation(final Conversation conversation, final Uri uri, final UiCallback<Message> callback) { public void attachImageToConversation(final Conversation conversation, final Uri uri, final UiCallback<Message> callback) {
if (FileBackend.weOwnFile(uri)) { if (FileBackend.weOwnFile(this, uri)) {
Log.d(Config.LOGTAG,"trying to attach file that belonged to us"); Log.d(Config.LOGTAG,"trying to attach file that belonged to us");
callback.error(R.string.security_error_invalid_file_access, null); callback.error(R.string.security_error_invalid_file_access, null);
return; return;

View File

@ -191,7 +191,7 @@ public class PublishProfilePictureActivity extends XmppActivity {
Uri source = data.getData(); Uri source = data.getData();
switch (requestCode) { switch (requestCode) {
case REQUEST_CHOOSE_FILE_AND_CROP: case REQUEST_CHOOSE_FILE_AND_CROP:
if (FileBackend.weOwnFile(source)) { if (FileBackend.weOwnFile(this, source)) {
Toast.makeText(this,R.string.security_error_invalid_file_access,Toast.LENGTH_SHORT).show(); Toast.makeText(this,R.string.security_error_invalid_file_access,Toast.LENGTH_SHORT).show();
return; return;
} }
@ -204,7 +204,7 @@ public class PublishProfilePictureActivity extends XmppActivity {
Crop.of(source, destination).asSquare().withMaxSize(size, size).start(this); Crop.of(source, destination).asSquare().withMaxSize(size, size).start(this);
break; break;
case REQUEST_CHOOSE_FILE: case REQUEST_CHOOSE_FILE:
if (FileBackend.weOwnFile(source)) { if (FileBackend.weOwnFile(this, source)) {
Toast.makeText(this,R.string.security_error_invalid_file_access,Toast.LENGTH_SHORT).show(); Toast.makeText(this,R.string.security_error_invalid_file_access,Toast.LENGTH_SHORT).show();
return; return;
} }