diff --git a/src/android/support/v7/mms/MmsNetworkManager.java b/src/android/support/v7/mms/MmsNetworkManager.java
index 059ca8f4fac9ff04cdcf6c175419522f08b95dc2..1021b5a7d1b81eb30ff74c53a40ac4d43855936a 100644
--- a/src/android/support/v7/mms/MmsNetworkManager.java
+++ b/src/android/support/v7/mms/MmsNetworkManager.java
@@ -324,7 +324,8 @@ class MmsNetworkManager {
private void registerConnectivityChangeReceiverLocked() {
if (!mReceiverRegistered) {
- mContext.registerReceiver(mConnectivityChangeReceiver, mConnectivityIntentFilter);
+ mContext.registerReceiver(mConnectivityChangeReceiver, mConnectivityIntentFilter,
+ Context.RECEIVER_EXPORTED/*UNAUDITED*/);
mReceiverRegistered = true;
}
}
diff --git a/src/com/android/messaging/BugleApplication.java b/src/com/android/messaging/BugleApplication.java
index 0ef8d9186a817e51b2f14729378f68db02c17fa2..36f062b1146906f54ed1cbb5560cac849adbc7d7 100644
--- a/src/com/android/messaging/BugleApplication.java
+++ b/src/com/android/messaging/BugleApplication.java
@@ -132,7 +132,8 @@ public class BugleApplication extends Application implements UncaughtExceptionHa
LogUtil.i(TAG, "Carrier config changed. Reloading MMS config.");
MmsConfig.loadAsync();
}
- }, new IntentFilter(CarrierConfigManager.ACTION_CARRIER_CONFIG_CHANGED));
+ }, new IntentFilter(CarrierConfigManager.ACTION_CARRIER_CONFIG_CHANGED),
+ Context.RECEIVER_EXPORTED/*UNAUDITED*/);
}
private static void initMmsLib(final Context context, final BugleGservices bugleGservices,
diff --git a/src/com/android/messaging/ui/conversation/LaunchConversationActivity.java b/src/com/android/messaging/ui/conversation/LaunchConversationActivity.java
index 5500ae88deae097a256a137dc0254d7958b19dac..c869839e0ad426a206864715421696668deefad1 100644
--- a/src/com/android/messaging/ui/conversation/LaunchConversationActivity.java
+++ b/src/com/android/messaging/ui/conversation/LaunchConversationActivity.java
@@ -37,6 +37,8 @@ import com.android.messaging.util.UriUtil;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
+import java.util.ArrayList;
+import java.util.List;
/**
* Launches ConversationActivity for sending a message to, or viewing messages from, a specific
@@ -46,6 +48,7 @@ import java.net.URLDecoder;
*/
public class LaunchConversationActivity extends Activity implements
LaunchConversationData.LaunchConversationDataListener {
+ private static final int MAX_RECIPIENT_LENGTH = 100;
static final String SMS_BODY = "sms_body";
static final String ADDRESS = "address";
final Binding<LaunchConversationData> mBinding = BindingBase.createBinding(this);
@@ -76,6 +79,9 @@ public class LaunchConversationActivity extends Activity implements
recipients = new String[] { intent.getStringExtra(Intent.EXTRA_EMAIL) };
}
}
+ if (recipients != null) {
+ recipients = trimInvalidRecipients(recipients);
+ }
mSmsBody = intent.getStringExtra(SMS_BODY);
if (TextUtils.isEmpty(mSmsBody)) {
// Used by intents sent from the web YouTube (and perhaps others).
@@ -103,6 +109,20 @@ public class LaunchConversationActivity extends Activity implements
finish();
}
+ private String[] trimInvalidRecipients(String[] recipients) {
+ List<String> trimmedRecipients = new ArrayList<>();
+ for (String recipient : recipients) {
+ if (recipient.length() < MAX_RECIPIENT_LENGTH) {
+ trimmedRecipients.add(recipient);
+ }
+ }
+ if (trimmedRecipients.size() > 0) {
+ return trimmedRecipients.toArray(new String[0]);
+ } else {
+ return null;
+ }
+ }
+
private String getBody(final Uri uri) {
if (uri == null) {
return null;
diff --git a/src/com/android/messaging/util/FileUtil.java b/src/com/android/messaging/util/FileUtil.java
index 71fbb4b3a1f12727c43ec654bcb51c19820f68d4..e7d86f258e3ab0e3e5c284006fdeb7d33c02d3fc 100644
--- a/src/com/android/messaging/util/FileUtil.java
+++ b/src/com/android/messaging/util/FileUtil.java
@@ -20,6 +20,7 @@ import android.content.ContentResolver;
import android.content.Context;
import android.net.Uri;
import android.os.Environment;
+import android.os.ParcelFileDescriptor;
import android.text.TextUtils;
import com.android.messaging.Factory;
@@ -28,6 +29,8 @@ import com.google.common.io.Files;
import java.io.File;
import java.io.IOException;
+import java.nio.file.Path;
+import java.nio.file.Paths;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
@@ -121,6 +124,10 @@ public class FileUtil {
// We're told it's possible to create world readable hardlinks to other apps private data
// so we ban all /data file uris.
public static boolean isInPrivateDir(Uri uri) {
+ return isFileUriInPrivateDir(uri) || isContentUriInPrivateDir(uri);
+ }
+
+ private static boolean isFileUriInPrivateDir(Uri uri) {
if (!UriUtil.isFileUri(uri)) {
return false;
}
@@ -128,6 +135,24 @@ public class FileUtil {
return FileUtil.isSameOrSubDirectory(Environment.getDataDirectory(), file);
}
+ private static boolean isContentUriInPrivateDir(Uri uri) {
+ if (!uri.getScheme().equals(ContentResolver.SCHEME_CONTENT)) {
+ return false;
+ }
+ try {
+ Context context = Factory.get().getApplicationContext();
+ ParcelFileDescriptor pfd = context.getContentResolver().openFileDescriptor(uri, "r");
+ int fd = pfd.getFd();
+ // Use the file descriptor to find out the read file path through symbolic link.
+ Path fdPath = Paths.get("/proc/self/fd/" + fd);
+ Path filePath = java.nio.file.Files.readSymbolicLink(fdPath);
+ pfd.close();
+ return FileUtil.isSameOrSubDirectory(Environment.getDataDirectory(), filePath.toFile());
+ } catch (Exception e) {
+ return false;
+ }
+ }
+
/**
* Checks, whether the child directory is the same as, or a sub-directory of the base
* directory.