| c43a8d4c928b0d362339cd418486e2aa91769b70 |
|
09-Jul-2013 |
Chiao Cheng <chiaocheng@google.com> |
White list file names and do not allow ".."
Fixes security vulnerability where application can pass in relative file paths
with ".." in the string to access files outside of the dumpedfiles directory.
Bug: 9607306
Change-Id: Iad219cb48fa560d837498c2dc75127294dcf401b
/packages/providers/ContactsProvider/src/com/android/providers/contacts/debug/DataExporter.java
|
| a6ec38053a00fb399ca174931c149e3740c7420a |
|
16-Aug-2012 |
Makoto Onuki <omakoto@google.com> |
Inprove database dump
- Use the best compression ratio.
- Report the correct file size via DumpFileProvider, so that Gmail
will be able to show an error if the file is too large. (gmail has ~25M limit.)
In case it's too large, we can ask the user to use Drive instead.
Change-Id: I625bf8913aa6fc2fce25130a219720b8d1a8896b
/packages/providers/ContactsProvider/src/com/android/providers/contacts/debug/DataExporter.java
|
| 623659ebf4875e63bf4fef1e0b00096e09121853 |
|
14-Aug-2012 |
Makoto Onuki <omakoto@google.com> |
Make "export contacts database" more secure
Don't put the dump file on the SD card. Instead, put it in the internal cache
directory which is protected by the filesystem permissions.
In order to make it attachable on gmail, create a shim content provider and
sends a content: URI for this provider.
The dump file can be read only from the apps that knows its name, which
we pass via the SEND intent. Each dump file has a unique 256-bit random name,
so it's virtually impossible to for other apps to read them.
Bug 6813842
Change-Id: I3ca081e696e4e432e2bf7eb701595c508cd19409
/packages/providers/ContactsProvider/src/com/android/providers/contacts/debug/DataExporter.java
|
| 8a6e02add7c70666cdb506310c134af7d91c323c |
|
19-Jul-2012 |
Makoto Onuki <omakoto@google.com> |
Add debug activity to export all data files as a zip
This will allow us to collect contacts database files even from user build
devices where "adb root" is disabled.
This is simialr to what CalendarProvider does in CalendarDebugActivity. The
difference is it'll export all files under "/data/data/com.android.providers.contacts/",
including the profile db and highres photo files.
To launch the activity:
adb shell am start -a com.android.providers.contacts.DUMP_DATABASE
I'm planning to add somethig to the people app to fire off this intent, so that
users will be able to do it without adb.
The activity will show a warning message with "Start", "Delete" and "Cancel"
buttons.
- "Cancel" will close the dialog.
- "Start" will create a zip file. After that, it'll present the activity
chooser to let the user choose which app to use to send it with.
- "Delete" will delete the ZIP file. We need to make sure to ask the user to
do this once sending email is succeessfully finished (unfortunately there's
no way for us to detect it programmatically), as any apps with the "read
sdcard" parmission will be able to read it otherwise.
In the future, we may want to add options to, for example, exclude the profile
db or exclude highres pictures.
Bug 6813842
Change-Id: Id181efad65194ed39b0a0bc1226252da62b8927e
/packages/providers/ContactsProvider/src/com/android/providers/contacts/debug/DataExporter.java
|