Don't allow file attachment from /data through GET_CONTENT.
A custom picker can be used to attach files to Compose activity. With
this change, we are disallowing files belonging to file:///data/... to
be attached from custom pickers, in order not to expose internal
application data.
If the Intent Uri is a "file" and the file is in
`Environment.getDataDirectory()`, then throw a
AttachmentFailureException
which is caught immediately and shows a toast to the user.
Details b/31494146#comment13
Fix b/32615212
FPIIM-184: Information disclosure vulnerability in AOSP Mail CVE-2017-0420 A-32615212
Change-Id: I037888b01fef1cdf5053602cdf9194286d5648df
(cherry picked from commit eace8b43e8d1512a205554715ca840324bfbe35f)
(cherry picked from commit 15f57f552c385d640f7acfe765bdc65a8e39c5e9)
diff --git a/src/com/android/mail/compose/ComposeActivity.java b/src/com/android/mail/compose/ComposeActivity.java
index 2dfac99..5f125ab 100644
--- a/src/com/android/mail/compose/ComposeActivity.java
+++ b/src/com/android/mail/compose/ComposeActivity.java
@@ -2018,19 +2018,15 @@
if (contentUri == null) {
return;
}
- try {
- if (handleSpecialAttachmentUri(contentUri)) {
- return;
- }
+ if (handleSpecialAttachmentUri(contentUri)) {
+ return;
+ }
- addAttachmentAndUpdateView(mAttachmentsView.generateLocalAttachment(contentUri));
- } catch (AttachmentFailureException e) {
- LogUtils.e(LOG_TAG, e, "Error adding attachment");
- showErrorToast(getResources().getString(
- e.getErrorRes(),
- AttachmentUtils.convertToHumanReadableSize(
- getApplicationContext(), mAccount.settings.getMaxAttachmentSize())));
+ final long size = handleAttachmentUrisFromIntent(Arrays.asList(contentUri));
+ if (size > 0) {
+ mAttachmentsChanged = true;
+ updateSaveUi();
}
}