[tbb-bugs] #28705 [Applications/Tor Browser]: Don't leak File URI during download on Android

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Dec 3 21:15:59 UTC 2018


#28705: Don't leak File URI during download on Android
------------------------------------------+----------------------------------------------
     Reporter:  sysrqb                    |      Owner:  tbb-team
         Type:  defect                    |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:  tbb-mobile, TorBrowserTeam201812
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:  Sponsor8                  |
------------------------------------------+----------------------------------------------
 This is already patched upstream in FF62, but the backport is not-small.
 Maybe we can get away with a smaller patch that solves the main problem.

 Summary:
 In #27701 we solved the bug where torbutton prevents downloading a file on
 Android.
 In #28051 we solved the problem where notifications weren't working on
 newer versions of Android.

 Now we have a problem that on newer versions of Android, the runtime
 prevents "leaking" file URIs from one app to another. In particular, this
 is happening when Tor Browser is downloading a file: the browser creates a
 notification with the URI of the local destination file embedded in it.

 This results in an exception stacktrace like:
 {{{
 D AndroidRuntime: Shutting down VM
 E AndroidRuntime: FATAL EXCEPTION: main
 E AndroidRuntime: Process: org.torproject.torbrowser_alpha, PID: 18167
 E AndroidRuntime: android.os.FileUriExposedException: file:///storage/emulated/0/Download/tor-browser-8.5a5-android-armv7.apk exposed beyond app through Intent.getData()
 E AndroidRuntime:        at android.os.StrictMode.onFileUriExposed(StrictMode.java:1960)
 E AndroidRuntime:        at android.net.Uri.checkFileUriExposed(Uri.java:2356)
 E AndroidRuntime:        at android.content.Intent.prepareToLeaveProcess(Intent.java:9881)
 E AndroidRuntime:        at android.content.Intent.prepareToLeaveProcess(Intent.java:9835)
 E AndroidRuntime:        at android.app.PendingIntent.getActivity(PendingIntent.java:342)
 E AndroidRuntime:        at android.app.PendingIntent.getActivity(PendingIntent.java:304)
 E AndroidRuntime:        at org.mozilla.gecko.notifications.NotificationHelper.showNotification(NotificationHelper.java:298)
 E AndroidRuntime:        at org.mozilla.gecko.notifications.NotificationHelper.handleMessage(NotificationHelper.java:120)
 E AndroidRuntime:        at org.mozilla.gecko.EventDispatcher$2.run(EventDispatcher.java:337)
 E AndroidRuntime:        at android.os.Handler.handleCallback(Handler.java:790)
 E AndroidRuntime:        at android.os.Handler.dispatchMessage(Handler.java:99)
 E AndroidRuntime:        at android.os.Looper.loop(Looper.java:164)
 E AndroidRuntime:        at android.app.ActivityThread.main(ActivityThread.java:6494)
 E AndroidRuntime:        at java.lang.reflect.Method.invoke(Native Method)
 E AndroidRuntime:        at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:438)
 E AndroidRuntime:        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:807)
 }}}

 This was patched upstream:
 https://bugzilla.mozilla.org/show_bug.cgi?id=1450449

 Crash report:
 https://bugzilla.mozilla.org/show_bug.cgi?id=1476681

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28705>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
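
A triage sketch for the crash described in this ticket, added here as an example and not part of the ticket or of Tor Browser's code: it rejoins logcat lines that a mail archive has wrapped and reports, for each `FileUriExposedException`, the process, the exposed `file://` URI, the Intent accessor, and the first non-platform stack frame. The function names and the platform-prefix list are assumptions; the sample input is an excerpt of the trace quoted in the ticket.

```python
import re

# Excerpt of the trace quoted in the ticket, wrapped as a mail archive would show it.
SAMPLE = """\
 E AndroidRuntime: FATAL EXCEPTION: main
 E AndroidRuntime: Process: org.torproject.torbrowser_alpha, PID: 18167
 E AndroidRuntime: android.os.FileUriExposedException:
 file:///storage/emulated/0/Download/tor-browser-8.5a5-android-armv7.apk
 exposed beyond app through Intent.getData()
 E AndroidRuntime:        at
 android.os.StrictMode.onFileUriExposed(StrictMode.java:1960)
 E AndroidRuntime:        at
 android.app.PendingIntent.getActivity(PendingIntent.java:342)
 E AndroidRuntime:        at
 org.mozilla.gecko.notifications.NotificationHelper.showNotification(NotificationHelper.java:298)
 E AndroidRuntime:        at android.os.Looper.loop(Looper.java:164)
"""

TAG = re.compile(r"^\s*[VDIWEF] AndroidRuntime:\s?(.*)$")
# Assumed list of package prefixes treated as platform (non-app) frames.
PLATFORM = ("android.", "java.", "javax.", "com.android.", "dalvik.", "libcore.")
EXPOSED = re.compile(
    r"android\.os\.FileUriExposedException:\s*(file://\S+) exposed beyond app through (\S+)")

def unwrap(text):
    """Rejoin wrapped logcat output: untagged lines continue the previous record."""
    records = []
    for line in text.splitlines():
        m = TAG.match(line)
        if m:
            records.append(m.group(1).strip())
        elif line.strip() and records:
            records[-1] += " " + line.strip()
    return records

def find_exposures(text):
    """Return one finding per FileUriExposedException seen in the log text."""
    findings, process = [], None
    for rec in unwrap(text):
        m = EXPOSED.match(rec)
        if rec.startswith("Process:"):
            process = rec.split()[1].rstrip(",")
        elif m:
            findings.append({"process": process, "uri": m.group(1),
                             "via": m.group(2), "caller": None})
        elif rec.startswith("at ") and findings and findings[-1]["caller"] is None:
            frame = rec[3:].strip()
            if not frame.startswith(PLATFORM):  # first app-owned frame is the call site
                findings[-1]["caller"] = frame
    return findings
```
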

