commit | 52e601d0bbada4f5e88535155a28ff2f1ef46566 | [log] [tgz] |
---|---|---|
author | Sergey Nikolaienkov <sergeynv@google.com> | Tue Mar 28 12:22:31 2023 +0200 |
committer | android-t1 <android-t1@t2mobile.com> | Wed Sep 13 14:24:17 2023 +0800 |
tree | 5ab48656872a1cfea254cd9f7d40bc2bd881ee13 | |
parent | 07a5816abb1fb673a2b8f0d2c125ee419dcc5f1b [diff] |
Fix path traversal vulnerabilities in MediaProvider Canonicalize filepath provided by the caller when hanling SCAN_FILE_CALL method call in MediaProvider. Additionally, make sure to check access permission in SCAN_FILE_CALL (using enforceCallingPermissionInternal()). Preemptively canonicalize Files provided as an arguments to the public API methods in ModernMediaScanner (scanFile(), scanDirectory() and onDirectoryDirty()) to prevent path traversal attacks. Bug: 262244882 Test: atest MediaProviderTests (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:5bb32d7fba00b9e53c7e20ae8acaf6f84a8b2e8d) Merged-In: I61e77d69ae857984b819fa0ea27bec5c26a34842 Change-Id: I61e77d69ae857984b819fa0ea27bec5c26a34842