Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Unverified Commit e63ec889 authored by Kevin F. Haggerty's avatar Kevin F. Haggerty
Browse files

Merge tag 'android-security-10.0.0_r56' into staging/lineage-17.1_merge_android-security-10.0.0_r56 

Android security 10.0.0 release 56

* tag 'android-security-10.0.0_r56':
  Forbid content from MmsFileProvider in Bluetooth Share

Change-Id: Ibf1e1311316f41be705f477fd465498d0b5c5fce
parents 955bc9d7 faef22db

src/com/android/bluetooth/opp/BluetoothOppSendFileInfo.java

+6 −0
Original line number Diff line number Diff line
@@ -110,6 +110,12 @@ public class BluetoothOppSendFileInfo { 
        // This will allow more 3rd party applications to share files via

        // bluetooth

        if ("content".equals(scheme)) {

            if (fromExternal && BluetoothOppUtility.isForbiddenContent(uri)) {

                EventLog.writeEvent(0x534e4554, "179910660", -1, uri.toString());

                Log.e(TAG, "Content from forbidden URI is not allowed.");

                return SEND_FILE_INFO_ERROR;

            }



            contentType = contentResolver.getType(uri);

            Cursor metadataCursor;

            try {

src/com/android/bluetooth/opp/BluetoothOppUtility.java

+7 −0
Original line number Diff line number Diff line
@@ -429,6 +429,13 @@ public class BluetoothOppUtility { 
        return isSameOrSubDirectory(Environment.getExternalStorageDirectory(), file);

    }



    static boolean isForbiddenContent(Uri uri) {

        if ("com.android.bluetooth.map.MmsFileProvider".equals(uri.getHost())) {

            return true;

        }

        return false;

    }



    /**

     * Checks, whether the child directory is the same as, or a sub-directory of the base

     * directory. Neither base nor child should be null.