Don't allow read truncation or appending for file operations. (f54544f8) · Commits · e / os / android_frameworks_base

core/java/android/content/ContentProvider.java

+25 −4

Original line number	Diff line number	Diff line
		@@ -580,13 +580,14 @@ public abstract class ContentProvider implements ContentInterface, ComponentCall
		throws FileNotFoundException {
		uri = validateIncomingUri(uri);
		uri = maybeGetUriWithoutUserId(uri);
		enforceFilePermission(attributionSource, uri, mode);
		final String updatedMode = validateFileMode(mode);
		enforceFilePermission(attributionSource, uri, updatedMode);
		traceBegin(TRACE_TAG_DATABASE, "openFile: ", uri.getAuthority());
		final AttributionSource original = setCallingAttributionSource(
		attributionSource);
		try {
		return mInterface.openFile(
		uri, mode, CancellationSignal.fromTransport(cancellationSignal));
		uri, updatedMode, CancellationSignal.fromTransport(cancellationSignal));
		} catch (RemoteException e) {
		throw e.rethrowAsRuntimeException();
		} finally {
		@@ -601,13 +602,14 @@ public abstract class ContentProvider implements ContentInterface, ComponentCall
		throws FileNotFoundException {
		uri = validateIncomingUri(uri);
		uri = maybeGetUriWithoutUserId(uri);
		enforceFilePermission(attributionSource, uri, mode);
		final String updatedMode = validateFileMode(mode);
		enforceFilePermission(attributionSource, uri, updatedMode);
		traceBegin(TRACE_TAG_DATABASE, "openAssetFile: ", uri.getAuthority());
		final AttributionSource original = setCallingAttributionSource(
		attributionSource);
		try {
		return mInterface.openAssetFile(
		uri, mode, CancellationSignal.fromTransport(cancellationSignal));
		uri, updatedMode, CancellationSignal.fromTransport(cancellationSignal));
		} catch (RemoteException e) {
		throw e.rethrowAsRuntimeException();
		} finally {
		@@ -772,6 +774,25 @@ public abstract class ContentProvider implements ContentInterface, ComponentCall
		}
		}

		private String validateFileMode(String mode) {
		// We currently only support the following modes: r, w, wt, wa, rw, rwt
		// Note: ideally, we should check against the allowed modes and throw a
		// SecurityException if the mode doesn't match any of them but to avoid app compat
		// issues, we're silently dropping bits which allow modifying files when the write bit
		// is not specified.
		if (mode != null && mode.indexOf('w') == -1) {
		// Don't allow truncation without write
		if (mode.indexOf('t') != -1) {
		mode = mode.replace("t", "");
		}
		// Don't allow appending without write
		if (mode.indexOf('a') != -1) {
		mode = mode.replace("a", "");
		}
		}
		return mode;
		}

		@Override
		public int checkUriPermission(@NonNull AttributionSource attributionSource, Uri uri,
		int uid, int modeFlags) {