From e302a14cd0a9b331ec6a44cbe53023fb8d607a9a Mon Sep 17 00:00:00 2001
From: agnostic-apollo <agnosticapollo@gmail.com>
Date: Fri, 24 Sep 2021 00:29:06 +0500
Subject: [PATCH] Fixed: Do not allow external apps to modify termux properties
 files with ContentProvider

---
 .../main/java/com/termux/app/TermuxOpenReceiver.java   | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/app/src/main/java/com/termux/app/TermuxOpenReceiver.java b/app/src/main/java/com/termux/app/TermuxOpenReceiver.java
index c85885dc..a4f7e5bd 100644
--- a/app/src/main/java/com/termux/app/TermuxOpenReceiver.java
+++ b/app/src/main/java/com/termux/app/TermuxOpenReceiver.java
@@ -189,6 +189,16 @@ public class TermuxOpenReceiver extends BroadcastReceiver {
                 if (!(path.startsWith(TermuxConstants.TERMUX_FILES_DIR_PATH) || path.startsWith(storagePath))) {
                     throw new IllegalArgumentException("Invalid path: " + path);
                 }
+
+                // Do not allow apps with RUN_COMMAND permission to modify termux apps properties files,
+                // including allow-external-apps
+                if (TermuxConstants.TERMUX_PROPERTIES_PRIMARY_FILE_PATH.equals(path) ||
+                    TermuxConstants.TERMUX_PROPERTIES_SECONDARY_FILE_PATH.equals(path) ||
+                    TermuxConstants.TERMUX_FLOAT_PROPERTIES_PRIMARY_FILE_PATH.equals(path) ||
+                    TermuxConstants.TERMUX_FLOAT_PROPERTIES_SECONDARY_FILE_PATH.equals(path)) {
+                    mode = "r";
+                }
+
             } catch (IOException e) {
                 throw new IllegalArgumentException(e);
             }