drgreen/android_frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

am 7b3ac9ad: am 0cb27e28: Validate restored file paths against their nominal domain

Browse Source 
* commit '7b3ac9add80fde8e36201e7c2e05a3da10c44cec':
  Validate restored file paths against their nominal domain
This commit is contained in:
Christopher Tate
2013-03-25 14:08:37 -07:00
committed by Android Git Automerger
parent 58a54cb380 7b3ac9add8
commit 9432f83cea
1 changed files with 19 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
core/java/android/app/backup/BackupAgent.java
View File

@ -440,21 +440,31 @@ public abstract class BackupAgent extends ContextWrapper {
basePath = getCacheDir().getCanonicalPath(); basePath = getCacheDir().getCanonicalPath();
} else { } else {
// Not a supported location // Not a supported location
Log.i(TAG, "Data restored from non-app domain " + domain + ", ignoring"); Log.i(TAG, "Unrecognized domain " + domain);
} }
// Now that we've figured out where the data goes, send it on its way // Now that we've figured out where the data goes, send it on its way
if (basePath != null) { if (basePath != null) {
// Canonicalize the nominal path and verify that it lies within the stated domain
File outFile = new File(basePath, path); File outFile = new File(basePath, path);
if (DEBUG) Log.i(TAG, "[" + domain + " : " + path + "] mapped to " + outFile.getPath()); String outPath = outFile.getCanonicalPath();
onRestoreFile(data, size, outFile, type, mode, mtime); if (outPath.startsWith(basePath + File.separatorChar)) {
} else { if (DEBUG) Log.i(TAG, "[" + domain + " : " + path + "] mapped to " + outPath);
// Not a supported output location? We need to consume the data onRestoreFile(data, size, outFile, type, mode, mtime);
// anyway, so just use the default "copy the data out" implementation return;
// with a null destination. } else {
if (DEBUG) Log.i(TAG, "[ skipping data from unsupported domain " + domain + "]"); // Attempt to restore to a path outside the file's nominal domain.
FullBackup.restoreFile(data, size, type, mode, mtime, null); if (DEBUG) {
Log.e(TAG, "Cross-domain restore attempt: " + outPath);
}
}
} }
// Not a supported output location, or bad path: we need to consume the data
// anyway, so just use the default "copy the data out" implementation
// with a null destination.
if (DEBUG) Log.i(TAG, "[ skipping file " + path + "]");
FullBackup.restoreFile(data, size, type, mode, mtime, null);
} }
// ----- Core implementation ----- // ----- Core implementation -----