Warn when exposing file:// Uris beyond a process.
Check for file:// Uris inside Intents, ClipData, Notifications and
RemoteViews when StrictMode option is enabled.
Also introduces Intent.prepareToLeaveProcess() to uniformly handle
Intents about to leave an app process.
Bug: 8529070
Change-Id: I8efb43877cbc5f21eb029fc6492b3ee1415059ef
diff --git a/core/java/android/content/Intent.java b/core/java/android/content/Intent.java
index 0efd6b0..23c56fb 100644
--- a/core/java/android/content/Intent.java
+++ b/core/java/android/content/Intent.java
@@ -32,6 +32,7 @@
import android.os.IBinder;
import android.os.Parcel;
import android.os.Parcelable;
+import android.os.StrictMode;
import android.util.AttributeSet;
import android.util.Log;
@@ -6958,6 +6959,32 @@
}
/**
+ * Prepare this {@link Intent} to leave an app process.
+ *
+ * @hide
+ */
+ public void prepareToLeaveProcess() {
+ setAllowFds(false);
+
+ if (mSelector != null) {
+ mSelector.prepareToLeaveProcess();
+ }
+ if (mClipData != null) {
+ mClipData.prepareToLeaveProcess();
+ }
+
+ if (mData != null && StrictMode.vmFileUriExposureEnabled()) {
+ // There are several ACTION_MEDIA_* broadcasts that send file://
+ // Uris, so only check common actions.
+ if (ACTION_VIEW.equals(mAction) ||
+ ACTION_EDIT.equals(mAction) ||
+ ACTION_ATTACH_DATA.equals(mAction)) {
+ mData.checkFileUriExposed("Intent.getData()");
+ }
+ }
+ }
+
+ /**
* Migrate any {@link #EXTRA_STREAM} in {@link #ACTION_SEND} and
* {@link #ACTION_SEND_MULTIPLE} to {@link ClipData}. Also inspects nested
* intents in {@link #ACTION_CHOOSER}.