From b10b14d9bc737edc56af0eec3a14bed5ebf3ea39 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Fri, 25 Sep 2015 01:02:21 +0200
Subject: Check that the encrypt input uris are not linked to our own internal
 storage (OKC-01-010)

---
 .../keychain/ui/EncryptFilesFragment.java          | 29 +++++++++++++++++++---
 1 file changed, 26 insertions(+), 3 deletions(-)

(limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java')

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
index 58476fc57..0e357cfcd 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
@@ -18,6 +18,7 @@
 package org.sufficientlysecure.keychain.ui;
 
 
+import java.io.File;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Date;
@@ -451,9 +452,29 @@ public class EncryptFilesFragment
 
     }
 
-    // prepares mOutputUris, either directly and returns false, or indirectly
-    // which returns true and will call cryptoOperation after mOutputUris has
-    // been set at a later point.
+    /**
+     * Checks that the input uris are not linked to our own internal storage.
+     * This prevents the encryption of our own database (-> export of whole database)
+     */
+    private void securityCheckInternalStorage() {
+        for (FilesAdapter.ViewModel model : mFilesAdapter.mDataset) {
+            File fileInput = new File(model.inputUri.getPath());
+            try {
+                // the canonical path of the file must not start with /data/data/org.sufficientlysecure.keychain/
+                if (fileInput.getCanonicalPath().startsWith(getActivity().getApplicationInfo().dataDir)) {
+                    throw new RuntimeException("Encrypting OpenKeychain's private files is not allowed!");
+                }
+            } catch (IOException e) {
+                Log.e(Constants.TAG, "Getting canonical path failed!", e);
+            }
+        }
+    }
+
+    /**
+     * Prepares mOutputUris, either directly and returns false, or indirectly
+     * which returns true and will call cryptoOperation after mOutputUris has
+     * been set at a later point.
+     */
     private boolean prepareOutputStreams() {
 
         switch (mAfterEncryptAction) {
@@ -529,6 +550,8 @@ public class EncryptFilesFragment
 
         }
 
+        securityCheckInternalStorage();
+
         return actionsParcel;
 
     }
-- 
cgit v1.2.3