fankes/termux-app
2
0
Fork 0
mirror of https://github.com/fankes/termux-app.git synced 2025-09-06 18:55:31 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fixed: Do not allow external apps to modify termux properties files with ContentProvider

Browse Source
This commit is contained in:
agnostic-apollo
2021-09-24 00:29:06 +05:00
parent f3ffc36bfd
commit e302a14cd0
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
app/src/main/java/com/termux/app/TermuxOpenReceiver.java
View File

@@ -189,6 +189,16 @@ public class TermuxOpenReceiver extends BroadcastReceiver {
if (!(path.startsWith(TermuxConstants.TERMUX_FILES_DIR_PATH) || path.startsWith(storagePath))) { if (!(path.startsWith(TermuxConstants.TERMUX_FILES_DIR_PATH) || path.startsWith(storagePath))) {
throw new IllegalArgumentException("Invalid path: " + path); throw new IllegalArgumentException("Invalid path: " + path);
} }
// Do not allow apps with RUN_COMMAND permission to modify termux apps properties files,
// including allow-external-apps
if (TermuxConstants.TERMUX_PROPERTIES_PRIMARY_FILE_PATH.equals(path) ||
TermuxConstants.TERMUX_PROPERTIES_SECONDARY_FILE_PATH.equals(path) ||
TermuxConstants.TERMUX_FLOAT_PROPERTIES_PRIMARY_FILE_PATH.equals(path) ||
TermuxConstants.TERMUX_FLOAT_PROPERTIES_SECONDARY_FILE_PATH.equals(path)) {
mode = "r";
}
} catch (IOException e) { } catch (IOException e) {
throw new IllegalArgumentException(e); throw new IllegalArgumentException(e);
} }