Skip to content
Permalink
Browse files

Fix / Security - remove old Content Provider

Remove obsolete and buggy ContentProvider which could allow a malicious local app to compromise account data
  • Loading branch information...
Valere
Valere committed Apr 23, 2019
1 parent ff63603 commit 096dfbef39bf0ce53ea2e80225a85e74d75aefa0
@@ -1,23 +1,31 @@
Changes in Riot 0.9.00 (2019-XX-XX)
Changes in Riot 0.9.00 (2019-04-23)
===================================================

/!\ This version is the first version published with app id "im.vector.app".


Changes in Riot 0.8.99 (2019-04-23)
===================================================

/!\ This version is the last version published with app id "im.vector.alpha". It contains a screen which introduce the new application "im.vector.app"
/!\ This release contains security related bugfixes, users should upgrade asap

MatrixSdk:
- Upgrade MatrixSdk to version 0.9.21.
- Changelog: https://github.com/matrix-org/matrix-android-sdk/releases/tag/v0.9.21
- Upgrade MatrixSdk to version 0.9.22.
- Changelog: https://github.com/matrix-org/matrix-android-sdk/releases/tag/v0.9.22

Other changes:
- Remove Amplitude tracker and Calendars permissions added by Jitsi lib (jitsi/jitsi-meet#4068, jitsi/jitsi-meet#4080)
- Exclude code of Firebase analytics (#2481)

Bugfix:
- Fix / Illegal States exceptions when starting event stream service X
- Security Fix / Remove obsolete and buggy ContentProvider which could allow a malicious local app to compromise account data. Many thanks to Julien Thomas (twitter.com/@julien_thomas) from Protektoid Project (https://protektoid.com) for identifying this and responsibly disclosing it!

Build:
- Exclude Firebase analytics code (#2481)


Changes in Riot 0.8.29 (2019-04-04)
===================================================

BIN +46 Bytes (100%) vector/libs/matrix-sdk.aar
Binary file not shown.
@@ -539,12 +539,7 @@
<service
android:name=".services.CallService"
android:exported="false" />

<provider
android:name=".db.VectorContentProvider"
android:authorities="${applicationId}.VectorApp.provider"
android:exported="true" />


</application>

</manifest>
@@ -20,6 +20,7 @@
import android.content.Intent;
import android.net.Uri;
import android.support.annotation.NonNull;
import android.support.v4.content.FileProvider;
import android.support.v4.view.ViewPager;
import android.view.Menu;
import android.view.MenuItem;
@@ -39,11 +40,11 @@
import java.io.File;
import java.util.List;

import im.vector.BuildConfig;
import im.vector.Matrix;
import im.vector.R;
import im.vector.VectorApp;
import im.vector.adapters.VectorMediaViewerAdapter;
import im.vector.db.VectorContentProvider;
import im.vector.util.PermissionsToolsKt;
import im.vector.util.SlidableMediaInfo;

@@ -265,14 +266,16 @@ public void onSuccess(String savedMediaPath) {
// shared / forward
Uri mediaUri = null;
try {
mediaUri = VectorContentProvider.absolutePathToUri(VectorMediaViewerActivity.this, file.getAbsolutePath());
mediaUri = FileProvider.getUriForFile(VectorMediaViewerActivity.this, BuildConfig.APPLICATION_ID + ".fileProvider", file);
} catch (Exception e) {
Log.e(LOG_TAG, "onMediaAction onAction.absolutePathToUri: " + e.getMessage(), e);
Log.e(LOG_TAG, "onMediaAction Selected File cannot be shared " + e.getMessage(), e);
}

if (null != mediaUri) {
try {
final Intent sendIntent = new Intent();
// Grant temporary read permission to the content URI
sendIntent.addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION);
sendIntent.setAction(Intent.ACTION_SEND);
sendIntent.setType(mediaInfo.mMimeType);
sendIntent.putExtra(Intent.EXTRA_STREAM, mediaUri);

This file was deleted.

@@ -27,6 +27,7 @@
import android.support.annotation.NonNull;
import android.support.annotation.Nullable;
import android.support.v4.app.FragmentManager;
import android.support.v4.content.FileProvider;
import android.support.v7.app.AlertDialog;
import android.text.TextUtils;
import android.view.LayoutInflater;
@@ -74,6 +75,7 @@
import java.util.List;
import java.util.Map;

import im.vector.BuildConfig;
import im.vector.Matrix;
import im.vector.R;
import im.vector.activity.CommonActivityUtils;
@@ -83,7 +85,6 @@
import im.vector.activity.VectorMemberDetailsActivity;
import im.vector.activity.VectorRoomActivity;
import im.vector.adapters.VectorMessagesAdapter;
import im.vector.db.VectorContentProvider;
import im.vector.extensions.MatrixSdkExtensionsKt;
import im.vector.listeners.IMessagesAdapterActionsListener;
import im.vector.listeners.YesNoListener;
@@ -868,19 +869,22 @@ public void onSuccess(String savedMediaPath) {
} else {
// Move the file to the Share folder, to avoid it to be deleted because the Activity will be paused while the
// user select an application to share the file
// only files in this folder can be shared with external apps, with temporary read access
file = mediasCache.moveToShareFolder(file, trimmedFileName);

// shared / forward
Uri mediaUri = null;
try {
mediaUri = VectorContentProvider.absolutePathToUri(getActivity(), file.getAbsolutePath());
mediaUri = FileProvider.getUriForFile(getActivity(), BuildConfig.APPLICATION_ID + ".fileProvider", file);
} catch (Exception e) {
Log.e(LOG_TAG, "onMediaAction VectorContentProvider.absolutePathToUri: " + e.getMessage(), e);
Log.e(LOG_TAG, "onMediaAction Selected File cannot be shared " + e.getMessage(), e);
}

if (null != mediaUri) {
final Intent sendIntent = new Intent();
sendIntent.setAction(Intent.ACTION_SEND);
// Grant temporary read permission to the content URI
sendIntent.addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION);
sendIntent.setType(mediaMimeType);
sendIntent.putExtra(Intent.EXTRA_STREAM, mediaUri);

@@ -3,4 +3,7 @@
<external-path
name="external_files"
path="." />
<files-path
name="shared"
path="ext_share" />
</paths>

0 comments on commit 096dfbe

Please sign in to comment.
You can’t perform that action at this time.