Prevent sharesheet from previewing unowned URIs [RESTRICT AUTOMERGE]

Bug: 261036568 Test: manually via supplied tool (see bug) (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:cef32a8b8ad109cd3066e4ad249fadbb72aa5574) Merged-In: Iee1a75ef6ecbf471badeb42d8ebea11e74d884c1 Change-Id: Iee1a75ef6ecbf471badeb42d8ebea11e74d884c1
author: Mark Renouf <mrenouf@google.com> 2023-02-22 14:15:04 +0000
committer: Android Build Coastguard Worker <android-build-coastguard-worker@google.com> 2023-03-28 18:43:02 +0000
commit: e211ac074a98352bdc47d304befa796ece6dad09 (patch)
tree: 84043fce3f342d8f2eb72fe6c9310bf4f7c8c1d4
parent: 57d3a9229dc92181ff397d5fd29a024c1ae5ebed (diff)
download: base-e211ac074a98352bdc47d304befa796ece6dad09.tar.gz
1 files changed, 33 insertions, 2 deletions
diff --git a/core/java/com/android/internal/app/ChooserActivity.java b/core/java/com/android/internal/app/ChooserActivity.java
index 1fcfe7dd5b6f..09c1efb2c638 100644
--- a/core/java/com/android/internal/app/ChooserActivity.java
+++ b/core/java/com/android/internal/app/ChooserActivity.java
@@ -21,6 +21,7 @@ import static android.app.admin.DevicePolicyResources.Strings.Core.RESOLVER_CANT
 import static android.app.admin.DevicePolicyResources.Strings.Core.RESOLVER_CANT_SHARE_WITH_PERSONAL;
 import static android.app.admin.DevicePolicyResources.Strings.Core.RESOLVER_CANT_SHARE_WITH_WORK;
 import static android.app.admin.DevicePolicyResources.Strings.Core.RESOLVER_CROSS_PROFILE_BLOCKED_TITLE;
+import static android.content.ContentProvider.getUserIdFromUri;
 import static android.stats.devicepolicy.DevicePolicyEnums.RESOLVER_EMPTY_STATE_NO_SHARING_TO_PERSONAL;
 import static android.stats.devicepolicy.DevicePolicyEnums.RESOLVER_EMPTY_STATE_NO_SHARING_TO_WORK;
 
@@ -161,6 +162,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.Objects;
 import java.util.function.Supplier;
+import java.util.stream.Collectors;
 
 /**
  * The Chooser Activity handles intent resolution specifically for sharing intents -
@@ -1424,7 +1426,11 @@ public class ChooserActivity extends ResolverActivity implements
 
         String action = targetIntent.getAction();
         if (Intent.ACTION_SEND.equals(action)) {
-            Uri uri = targetIntent.getParcelableExtra(Intent.EXTRA_STREAM);
+            Uri uri = targetIntent.getParcelableExtra(Intent.EXTRA_STREAM, android.net.Uri.class);
+            if (!validForContentPreview(uri)) {
+                contentPreviewLayout.setVisibility(View.GONE);
+                return contentPreviewLayout;
+            }
             imagePreview.findViewById(R.id.content_preview_image_1_large)
                     .setTransitionName(ChooserActivity.FIRST_IMAGE_PREVIEW_TRANSITION_NAME);
             mPreviewCoord.loadUriIntoView(R.id.content_preview_image_1_large, uri, 0);
@@ -1434,7 +1440,7 @@ public class ChooserActivity extends ResolverActivity implements
             List<Uri> uris = targetIntent.getParcelableArrayListExtra(Intent.EXTRA_STREAM);
             List<Uri> imageUris = new ArrayList<>();
             for (Uri uri : uris) {
-                if (isImageType(resolver.getType(uri))) {
+                if (validForContentPreview(uri) && isImageType(resolver.getType(uri))) {
                     imageUris.add(uri);
                 }
             }
@@ -1544,9 +1550,16 @@ public class ChooserActivity extends ResolverActivity implements
         String action = targetIntent.getAction();
         if (Intent.ACTION_SEND.equals(action)) {
             Uri uri = targetIntent.getParcelableExtra(Intent.EXTRA_STREAM);
+            if (!validForContentPreview(uri)) {
+                contentPreviewLayout.setVisibility(View.GONE);
+                return contentPreviewLayout;
+            }
             loadFileUriIntoView(uri, contentPreviewLayout);
         } else {
             List<Uri> uris = targetIntent.getParcelableArrayListExtra(Intent.EXTRA_STREAM);
+            uris = uris.stream()
+                    .filter(ChooserActivity::validForContentPreview)
+                    .collect(Collectors.toList());
             int uriCount = uris.size();
 
             if (uriCount == 0) {
@@ -1605,6 +1618,24 @@ public class ChooserActivity extends ResolverActivity implements
         }
     }
 
+    /**
+     * Indicate if the incoming content URI should be allowed.
+     *
+     * @param uri the uri to test
+     * @return true if the URI is allowed for content preview
+     */
+    private static boolean validForContentPreview(Uri uri) throws SecurityException {
+        if (uri == null) {
+            return false;
+        }
+        int userId = getUserIdFromUri(uri, UserHandle.USER_CURRENT);
+        if (userId != UserHandle.USER_CURRENT && userId != UserHandle.myUserId()) {
+            Log.e(TAG, "dropped invalid content URI belonging to user " + userId);
+            return false;
+        }
+        return true;
+    }
+
     @VisibleForTesting
     protected boolean isImageType(String mimeType) {
         return mimeType != null && mimeType.startsWith("image/");
author	Mark Renouf <mrenouf@google.com>	2023-02-22 14:15:04 +0000
committer	Android Build Coastguard Worker <android-build-coastguard-worker@google.com>	2023-03-28 18:43:02 +0000
commit	e211ac074a98352bdc47d304befa796ece6dad09 (patch)
tree	84043fce3f342d8f2eb72fe6c9310bf4f7c8c1d4
parent	57d3a9229dc92181ff397d5fd29a024c1ae5ebed (diff)
download	base-e211ac074a98352bdc47d304befa796ece6dad09.tar.gz