Commit 28a2828d authored by Jan Henning's avatar Jan Henning Committed by Georg Koppen
Browse files

Bug 1484472 - Avoid FileUriExposedException in... 

Bug 1484472 - Avoid FileUriExposedException in ExternalIntentDuringPrivateBrowsingPromptFragment. r=jchen

The fragment is also used to handle intents launched through GeckoAppShell.
openUriExternal(), such as e.g. when launching downloaded files from
about:downloads.

The synchronous code path when not in private browsing is already covered by the
code added in bug 1450449, but the async path through the fragment when in
private browsing needs to be handled separately.

Differential Revision: https://phabricator.services.mozilla.com/D3916

--HG--
extra : moz-landing-system : lando
parent 0a7dcec7

mobile/android/base/java/org/mozilla/gecko/widget/ExternalIntentDuringPrivateBrowsingPromptFragment.java

+10 −3
Original line number Diff line number Diff line
@@ -17,6 +17,7 @@ import android.content.Intent; 
import android.content.pm.PackageManager;

import android.content.pm.ResolveInfo;

import android.os.Bundle;

import android.os.StrictMode;

import android.support.v4.app.DialogFragment;

import android.support.v4.app.FragmentManager;

import android.support.v7.app.AlertDialog;
@@ -25,9 +26,9 @@ import android.util.Log; 
import java.util.List;



/**

 * A DialogFragment to contain a dialog that appears when the user clicks an Intent:// URI during private browsing. The

 * dialog appears to notify the user that a clicked link will open in an external application, potentially leaking their

 * browsing history.

 * A DialogFragment to contain a dialog that appears when the user clicks an Intent:// URI or

 * launches a file during private browsing. The dialog appears to notify the user that a clicked

 * link will open in an external application, potentially leaking their browsing history.

 */

public class ExternalIntentDuringPrivateBrowsingPromptFragment extends DialogFragment {

    private static final String LOGTAG = ExternalIntentDuringPrivateBrowsingPromptFragment.class.getSimpleName();
@@ -50,7 +51,13 @@ public class ExternalIntentDuringPrivateBrowsingPromptFragment extends DialogFra 
                .setTitle(intent.getDataString())

                .setPositiveButton(R.string.button_yes, new DialogInterface.OnClickListener() {

                    public void onClick(final DialogInterface dialog, final int id) {

                        // Bug 1450449 - Downloaded files are already in a public directory and

                        // aren't really exclusively owned by Firefox, so there's no real benefit

                        // to using content:// URIs here.

                        StrictMode.VmPolicy prevPolicy = StrictMode.getVmPolicy();

                        StrictMode.setVmPolicy(StrictMode.VmPolicy.LAX);

                        context.startActivity(intent);

                        StrictMode.setVmPolicy(prevPolicy);

                    }

                })

                .setNegativeButton(R.string.button_no, null /* we do nothing if the user rejects */ );