Bug 1500906 - Suppress FileUriExposedExceptions when launching helper apps. r=jchen
authorJan Henning <jh+bugzilla@buttercookie.de>
Wed, 24 Oct 2018 16:00:06 +0000
changeset 491188 73cfb79f183ac786b56dd97e63e969642ed0919f
parent 491187 fa86045075416389c2d59efad35226b6d8d56561
child 491189 4833b89bb969cf1709eba8f8960136c85e750d94
push id247
push userfmarier@mozilla.com
push dateSat, 27 Oct 2018 01:06:44 +0000
reviewersjchen
bugs1500906, 1450449
milestone65.0a1
Bug 1500906 - Suppress FileUriExposedExceptions when launching helper apps. r=jchen Sharing tabs with file:// URIs is not possible, but users can still send them to other apps via the helper app system in the URL bar/context menu. "Intent:Open" and "Intent:OpenForResult" are both sent from Gecko by HelperApps.jsm. The same reasoning as in bug 1450449 applies as to why for publicly accessible files content:// URIs are more trouble than they're worth. Differential Revision: https://phabricator.services.mozilla.com/D9420
mobile/android/base/java/org/mozilla/gecko/IntentHelper.java
--- a/mobile/android/base/java/org/mozilla/gecko/IntentHelper.java
+++ b/mobile/android/base/java/org/mozilla/gecko/IntentHelper.java
@@ -9,16 +9,17 @@ import org.mozilla.gecko.db.BrowserContr
 import org.mozilla.gecko.overlays.ui.ShareDialog;
 import org.mozilla.gecko.preferences.GeckoPreferences;
 import org.mozilla.gecko.util.ActivityResultHandler;
 import org.mozilla.gecko.util.BundleEventListener;
 import org.mozilla.gecko.util.EventCallback;
 import org.mozilla.gecko.util.FileUtils;
 import org.mozilla.gecko.util.GeckoBundle;
 import org.mozilla.gecko.util.IntentUtils;
+import org.mozilla.gecko.util.StrictModeContext;
 import org.mozilla.gecko.widget.ExternalIntentDuringPrivateBrowsingPromptFragment;
 
 import android.app.Activity;
 import android.content.ClipData;
 import android.content.Context;
 import android.content.Intent;
 import android.content.pm.PackageManager;
 import android.content.pm.ResolveInfo;
@@ -430,42 +431,52 @@ public final class IntentHelper implemen
         final Intent intent = getOpenURIIntent(getContext(),
                                                message.getString("url", ""),
                                                message.getString("mime", ""),
                                                message.getString("action", ""),
                                                message.getString("title", ""));
         callback.sendSuccess(getHandlersForIntent(intent));
     }
 
+    @SuppressWarnings("try")
     private void open(final GeckoBundle message) {
-        openUriExternal(message.getString("url", ""),
-                        message.getString("mime", ""),
-                        message.getString("packageName", ""),
-                        message.getString("className", ""),
-                        message.getString("action", ""),
-                        message.getString("title", ""), false);
+        // Bug 1450449 - this is most likely a document from the publicly accessible storage which
+        // isn't owned exclusively by Firefox, so there's no real benefit to using content:// URIs
+        // here.
+        try (StrictModeContext unused = StrictModeContext.allowAllVmPolicies()) {
+            openUriExternal(message.getString("url", ""),
+                            message.getString("mime", ""),
+                            message.getString("packageName", ""),
+                            message.getString("className", ""),
+                            message.getString("action", ""),
+                            message.getString("title", ""), false);
+        }
     }
 
+    @SuppressWarnings("try")
     private void openForResult(final GeckoBundle message, final EventCallback callback) {
         Intent intent = getOpenURIIntent(getContext(),
                                          message.getString("url", ""),
                                          message.getString("mime", ""),
                                          message.getString("action", ""),
                                          message.getString("title", ""));
         intent.setClassName(message.getString("packageName", ""),
                             message.getString("className", ""));
         intent.setFlags(Intent.FLAG_ACTIVITY_CLEAR_TOP);
 
         final FragmentActivity activity = getActivity();
         if (activity == null) {
             callback.sendError(null);
             return;
         }
         final ResultHandler handler = new ResultHandler(callback);
-        try {
+        // Bug 1450449 - this is most likely a document from the publicly accessible storage which
+        // isn't owned exclusively by Firefox, so there's no real benefit to using content:// URIs
+        // here.
+        try (StrictModeContext unused = StrictModeContext.allowAllVmPolicies()) {
             ActivityHandlerHelper.startIntentForActivity(activity, intent, handler);
         } catch (SecurityException e) {
             Log.w(LOGTAG, "Forbidden to launch activity.", e);
         }
     }
 
     /**
      * Opens a URI without any valid handlers on device. In the best case, a package is specified