Merge "Prevent sharesheet from previewing unowned URIs" into tm-dev (93df65db) · Commits · e / os / android_frameworks_base

core/java/com/android/internal/app/ChooserActivity.java

+34 −2

Original line number	Diff line number	Diff line
		@@ -16,6 +16,8 @@

		package com.android.internal.app;

		import static android.content.ContentProvider.getUserIdFromUri;

		import static com.android.internal.util.LatencyTracker.ACTION_LOAD_SHARE_SHEET;

		import static java.lang.annotation.RetentionPolicy.SOURCE;
		@@ -143,6 +145,7 @@ import java.util.HashMap;
		import java.util.List;
		import java.util.Map;
		import java.util.function.Supplier;
		import java.util.stream.Collectors;

		/**
		* The Chooser Activity handles intent resolution specifically for sharing intents -
		@@ -1292,7 +1295,7 @@ public class ChooserActivity extends ResolverActivity implements

		ImageView previewThumbnailView = contentPreviewLayout.findViewById(
		R.id.content_preview_thumbnail);
		if (previewThumbnail == null) {
		if (!validForContentPreview(previewThumbnail)) {
		previewThumbnailView.setVisibility(View.GONE);
		} else {
		mPreviewCoord = new ContentPreviewCoordinator(contentPreviewLayout, false);
		@@ -1322,6 +1325,10 @@ public class ChooserActivity extends ResolverActivity implements
		String action = targetIntent.getAction();
		if (Intent.ACTION_SEND.equals(action)) {
		Uri uri = targetIntent.getParcelableExtra(Intent.EXTRA_STREAM);
		if (!validForContentPreview(uri)) {
		contentPreviewLayout.setVisibility(View.GONE);
		return contentPreviewLayout;
		}
		imagePreview.findViewById(R.id.content_preview_image_1_large)
		.setTransitionName(ChooserActivity.FIRST_IMAGE_PREVIEW_TRANSITION_NAME);
		mPreviewCoord.loadUriIntoView(R.id.content_preview_image_1_large, uri, 0);
		@@ -1331,7 +1338,7 @@ public class ChooserActivity extends ResolverActivity implements
		List<Uri> uris = targetIntent.getParcelableArrayListExtra(Intent.EXTRA_STREAM);
		List<Uri> imageUris = new ArrayList<>();
		for (Uri uri : uris) {
		if (isImageType(resolver.getType(uri))) {
		if (validForContentPreview(uri) && isImageType(resolver.getType(uri))) {
		imageUris.add(uri);
		}
		}
		@@ -1441,9 +1448,16 @@ public class ChooserActivity extends ResolverActivity implements
		String action = targetIntent.getAction();
		if (Intent.ACTION_SEND.equals(action)) {
		Uri uri = targetIntent.getParcelableExtra(Intent.EXTRA_STREAM);
		if (!validForContentPreview(uri)) {
		contentPreviewLayout.setVisibility(View.GONE);
		return contentPreviewLayout;
		}
		loadFileUriIntoView(uri, contentPreviewLayout);
		} else {
		List<Uri> uris = targetIntent.getParcelableArrayListExtra(Intent.EXTRA_STREAM);
		uris = uris.stream()
		.filter(ChooserActivity::validForContentPreview)
		.collect(Collectors.toList());
		int uriCount = uris.size();

		if (uriCount == 0) {
		@@ -1502,6 +1516,24 @@ public class ChooserActivity extends ResolverActivity implements
		}
		}

		/**
		* Indicate if the incoming content URI should be allowed.
		*
		* @param uri the uri to test
		* @return true if the URI is allowed for content preview
		*/
		private static boolean validForContentPreview(Uri uri) throws SecurityException {
		if (uri == null) {
		return false;
		}
		int userId = getUserIdFromUri(uri, UserHandle.USER_CURRENT);
		if (userId != UserHandle.USER_CURRENT && userId != UserHandle.myUserId()) {
		Log.e(TAG, "dropped invalid content URI belonging to user " + userId);
		return false;
		}
		return true;
		}

		@VisibleForTesting
		protected boolean isImageType(String mimeType) {
		return mimeType != null && mimeType.startsWith("image/");