author | Dominik Schürmann <dominik@dominikschuermann.de> | 2015-09-25 01:02:21 +0200 |
---|---|---|
committer | Dominik Schürmann <dominik@dominikschuermann.de> | 2015-09-25 01:02:21 +0200 |
commit | b10b14d9bc737edc56af0eec3a14bed5ebf3ea39 (patch) | |
tree | 131e2f2209ba7b7ec923c9bd72e6b8ce70b9147f /OpenKeychain/src/main/java | |
parent | 9a6aa07089f195a95f15703e712ee95e077a7a09 (diff) | |
Check that the encrypt input uris are not linked to our own internal storage (OKC-01-010)
Diffstat (limited to 'OpenKeychain/src/main/java')
-rw-r--r-- | OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java | 29 |
1 files changed, 26 insertions, 3 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
index 58476fc57..0e357cfcd 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
@@ -18,6 +18,7 @@ package org.sufficientlysecure.keychain.ui;
+import java.io.File;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Date;
@@ -451,9 +452,29 @@ public class EncryptFilesFragment
 }
- // prepares mOutputUris, either directly and returns false, or indirectly
- // which returns true and will call cryptoOperation after mOutputUris has
- // been set at a later point.
+ /**
+ * Checks that the input uris are not linked to our own internal storage.
+ * This prevents the encryption of our own database (-> export of whole database)
+ */
+ private void securityCheckInternalStorage() {
+ for (FilesAdapter.ViewModel model : mFilesAdapter.mDataset) {
+ File fileInput = new File(model.inputUri.getPath());
+ try {
+ // the canonical path of the file must not start with /data/data/org.sufficientlysecure.keychain/
+ if (fileInput.getCanonicalPath().startsWith(getActivity().getApplicationInfo().dataDir)) {
+ throw new RuntimeException("Encrypting OpenKeychain's private files is not allowed!");
+ }
+ } catch (IOException e) {
+ Log.e(Constants.TAG, "Getting canonical path failed!", e);
+ }
+ }
+ }
+
+ /**
+ * Prepares mOutputUris, either directly and returns false, or indirectly
+ * which returns true and will call cryptoOperation after mOutputUris has
+ * been set at a later point.
+ */
 private boolean prepareOutputStreams() {
 switch (mAfterEncryptAction) {
@@ -529,6 +550,8 @@ public class EncryptFilesFragment
 }
+ securityCheckInternalStorage();
+
 return actionsParcel;
 } |
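Review bot: The `catch (IOException e)` in `securityCheckInternalStorage()` only logs, so an input whose canonical path cannot be resolved is skipped and encryption continues; a security check should fail closed, e.g. `throw new RuntimeException("Could not verify input file location!", e);`. Only the input side is canonicalised: `getApplicationInfo().dataDir` may itself be a path that goes through a symlink, so comparing against `new File(dataDir).getCanonicalPath() + File.separator` would be more robust and would also stop sibling directories that merely share the prefix from matching. The check inspects nothing but `inputUri.getPath()`, so URIs with a non-file scheme are presumably not covered, and a null path would throw from the `File` constructor; it is worth confirming how such URIs are handled elsewhere in the class.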
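Review bot: A rejected input is signalled only by the unchecked `RuntimeException` thrown from the call added before `return actionsParcel;`, so unless a caller outside this hunk catches it the fragment crashes instead of telling the user why the file was refused. Consider letting the check return a boolean and handling the failure at the call site, e.g. `if (!securityCheckInternalStorage()) { return null; }`, provided callers treat a null parcel as "abort". The enclosing method starts outside the hunk, so that contract is not visible here and should be confirmed.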