Merge branch 'dev/11/fp3/security-aosp-rvc-release' into int/11/fp3
* dev/11/fp3/security-aosp-rvc-release:
Update file permissions using canonical path
Change-Id: Id6614db08056cc12ee46fb83d5bdb7973294cdac
diff --git a/src/com/android/providers/telephony/MmsProvider.java b/src/com/android/providers/telephony/MmsProvider.java
index b1462ae..cda84fd 100644
--- a/src/com/android/providers/telephony/MmsProvider.java
+++ b/src/com/android/providers/telephony/MmsProvider.java
@@ -1051,15 +1051,16 @@
uri.getPathSegments().get(1);
try {
+ File canonicalFile = new File(path).getCanonicalFile();
String partsDirPath = getContext().getDir(PARTS_DIR_NAME, 0).getCanonicalPath();
- if (!new File(path).getCanonicalPath().startsWith(partsDirPath)) {
+ if (!canonicalFile.getPath().startsWith(partsDirPath + '/')) {
EventLog.writeEvent(0x534e4554, "240685104",
Binder.getCallingUid(), (TAG + " update: path " + path +
" does not start with " + partsDirPath));
return 0;
}
// Reset the file permission back to read for everyone but me.
- Os.chmod(path, 0644);
+ Os.chmod(canonicalFile.getPath(), 0644);
if (LOCAL_LOGV) {
Log.d(TAG, "MmsProvider.update chmod is successful for path: " + path);
}