2121import static android .app .admin .DevicePolicyResources .Strings .Core .RESOLVER_CANT_SHARE_WITH_PERSONAL ;
2222import static android .app .admin .DevicePolicyResources .Strings .Core .RESOLVER_CANT_SHARE_WITH_WORK ;
2323import static android .app .admin .DevicePolicyResources .Strings .Core .RESOLVER_CROSS_PROFILE_BLOCKED_TITLE ;
24+ import static android .content .ContentProvider .getUserIdFromUri ;
2425import static android .stats .devicepolicy .DevicePolicyEnums .RESOLVER_EMPTY_STATE_NO_SHARING_TO_PERSONAL ;
2526import static android .stats .devicepolicy .DevicePolicyEnums .RESOLVER_EMPTY_STATE_NO_SHARING_TO_WORK ;
2627
161162import java .util .Map ;
162163import java .util .Objects ;
163164import java .util .function .Supplier ;
165+ import java .util .stream .Collectors ;
164166
165167/**
166168 * The Chooser Activity handles intent resolution specifically for sharing intents -
@@ -1424,7 +1426,11 @@ private ViewGroup displayImageContentPreview(Intent targetIntent, LayoutInflater
14241426
14251427 String action = targetIntent .getAction ();
14261428 if (Intent .ACTION_SEND .equals (action )) {
1427- Uri uri = targetIntent .getParcelableExtra (Intent .EXTRA_STREAM );
1429+ Uri uri = targetIntent .getParcelableExtra (Intent .EXTRA_STREAM , android .net .Uri .class );
1430+ if (!validForContentPreview (uri )) {
1431+ contentPreviewLayout .setVisibility (View .GONE );
1432+ return contentPreviewLayout ;
1433+ }
14281434 imagePreview .findViewById (R .id .content_preview_image_1_large )
14291435 .setTransitionName (ChooserActivity .FIRST_IMAGE_PREVIEW_TRANSITION_NAME );
14301436 mPreviewCoord .loadUriIntoView (R .id .content_preview_image_1_large , uri , 0 );
@@ -1434,7 +1440,7 @@ private ViewGroup displayImageContentPreview(Intent targetIntent, LayoutInflater
14341440 List <Uri > uris = targetIntent .getParcelableArrayListExtra (Intent .EXTRA_STREAM );
14351441 List <Uri > imageUris = new ArrayList <>();
14361442 for (Uri uri : uris ) {
1437- if (isImageType (resolver .getType (uri ))) {
1443+ if (validForContentPreview ( uri ) && isImageType (resolver .getType (uri ))) {
14381444 imageUris .add (uri );
14391445 }
14401446 }
@@ -1544,9 +1550,16 @@ private ViewGroup displayFileContentPreview(Intent targetIntent, LayoutInflater
15441550 String action = targetIntent .getAction ();
15451551 if (Intent .ACTION_SEND .equals (action )) {
15461552 Uri uri = targetIntent .getParcelableExtra (Intent .EXTRA_STREAM );
1553+ if (!validForContentPreview (uri )) {
1554+ contentPreviewLayout .setVisibility (View .GONE );
1555+ return contentPreviewLayout ;
1556+ }
15471557 loadFileUriIntoView (uri , contentPreviewLayout );
15481558 } else {
15491559 List <Uri > uris = targetIntent .getParcelableArrayListExtra (Intent .EXTRA_STREAM );
1560+ uris = uris .stream ()
1561+ .filter (ChooserActivity ::validForContentPreview )
1562+ .collect (Collectors .toList ());
15501563 int uriCount = uris .size ();
15511564
15521565 if (uriCount == 0 ) {
@@ -1605,6 +1618,24 @@ private void loadFileUriIntoView(final Uri uri, final View parent) {
16051618 }
16061619 }
16071620
1621+ /**
1622+ * Indicate if the incoming content URI should be allowed.
1623+ *
1624+ * @param uri the uri to test
1625+ * @return true if the URI is allowed for content preview
1626+ */
1627+ private static boolean validForContentPreview (Uri uri ) throws SecurityException {
1628+ if (uri == null ) {
1629+ return false ;
1630+ }
1631+ int userId = getUserIdFromUri (uri , UserHandle .USER_CURRENT );
1632+ if (userId != UserHandle .USER_CURRENT && userId != UserHandle .myUserId ()) {
1633+ Log .e (TAG , "dropped invalid content URI belonging to user " + userId );
1634+ return false ;
1635+ }
1636+ return true ;
1637+ }
1638+
16081639 @ VisibleForTesting
16091640 protected boolean isImageType (String mimeType ) {
16101641 return mimeType != null && mimeType .startsWith ("image/" );
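Review bot: The typed read of `Intent.EXTRA_STREAM` is applied only in the `ACTION_SEND` branch of `displayImageContentPreview`; the `ACTION_SEND` branch of `displayFileContentPreview` still calls the untyped `getParcelableExtra(Intent.EXTRA_STREAM)`, and both multi-URI branches still call the untyped `getParcelableArrayListExtra(Intent.EXTRA_STREAM)`. A sender-supplied extra of the wrong type, or a missing list, would therefore presumably still fail with a `ClassCastException` or `NullPointerException` around `validForContentPreview` rather than being dropped like a cross-user URI. I would use the typed overloads throughout, e.g. `targetIntent.getParcelableArrayListExtra(Intent.EXTRA_STREAM, android.net.Uri.class)`, and treat a null list as empty before the new `uris.stream()` call. The Javadoc on `validForContentPreview` should also state the actual rule (null is rejected, as is any URI whose embedded user id is neither `UserHandle.USER_CURRENT` nor `UserHandle.myUserId()`), and the `throws SecurityException` clause should be dropped or documented, since nothing visible in the body throws it. Both preview methods start and end outside the hunks shown.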