[Android] FileProvider: Do not allow access to private data
Geoffrey Métais
git at videolan.org
Tue Feb 5 13:48:15 CET 2019
vlc-android | branch: master | Geoffrey Métais <geoffrey.metais at gmail.com> | Tue Feb 5 13:08:55 2019 +0100| [71e465b0cad1956dde5d90e272064460a80abd5e] | committer: Geoffrey Métais
FileProvider: Do not allow access to private data
> https://code.videolan.org/videolan/vlc-android/commit/71e465b0cad1956dde5d90e272064460a80abd5e
---
vlc-android/src/org/videolan/vlc/FileProvider.kt | 1 +
1 file changed, 1 insertion(+)
diff --git a/vlc-android/src/org/videolan/vlc/FileProvider.kt b/vlc-android/src/org/videolan/vlc/FileProvider.kt
index e18ab93b0..6d59fcf2d 100644
--- a/vlc-android/src/org/videolan/vlc/FileProvider.kt
+++ b/vlc-android/src/org/videolan/vlc/FileProvider.kt
@@ -27,6 +27,7 @@ class FileProvider : ContentProvider() {
override fun getType(uri: Uri) = "image/${uri.path?.substringAfterLast('.')}"
override fun openFile(uri: Uri, mode: String?): ParcelFileDescriptor {
+ if (uri.path.startsWith("/data")) throw SecurityException("Illegal access")
val file = File(uri.path)
if (file.exists()) {
return ParcelFileDescriptor.open(file, ParcelFileDescriptor.MODE_READ_ONLY)
More information about the Android
mailing list