Fix WebView vulnerability by disallowing file access

Fix webvuew vulnerability inside captiveportal activity by disallowing access private file in app's sandbox. Bug: 150610071 Test: Build Change-Id: I67e695478476b6ee9cf21ed41213f25441d9776a (cherry picked from commit fef654fffc4783f71f94600597e2fb69249eeb35) Merged-in: I67e695478476b6ee9cf21ed41213f25441d9776a
author: Chen Xu <fionaxu@google.com> 2020-04-24 12:26:04 -0700
committer: Chen Xu <fionaxu@google.com> 2020-04-27 22:46:48 -0700
commit: c7387da803d693a8101b2c87761a5e981366af73 (patch)
tree: e72215833f3fbef64c2866263f1fd20e0d03e97f /packages/CarrierDefaultApp/src
parent: bf7cb1ca913e84234de61518a7c3bd76212a46f3 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/packages/CarrierDefaultApp/src/com/android/carrierdefaultapp/CaptivePortalLoginActivity.java b/packages/CarrierDefaultApp/src/com/android/carrierdefaultapp/CaptivePortalLoginActivity.java
index 50542818e0d7..6fab9e4641b6 100644
--- a/packages/CarrierDefaultApp/src/com/android/carrierdefaultapp/CaptivePortalLoginActivity.java
+++ b/packages/CarrierDefaultApp/src/com/android/carrierdefaultapp/CaptivePortalLoginActivity.java
@@ -106,6 +106,7 @@ public class CaptivePortalLoginActivity extends Activity {
         webSettings.setSupportZoom(true);
         webSettings.setBuiltInZoomControls(true);
         webSettings.setDomStorageEnabled(true);
+        webSettings.setAllowFileAccess(false);
         mWebViewClient = new MyWebViewClient();
         mWebView.setWebViewClient(mWebViewClient);
         mWebView.setWebChromeClient(new MyWebChromeClient());
author	Chen Xu <fionaxu@google.com>	2020-04-24 12:26:04 -0700
committer	Chen Xu <fionaxu@google.com>	2020-04-27 22:46:48 -0700
commit	c7387da803d693a8101b2c87761a5e981366af73 (patch)
tree	e72215833f3fbef64c2866263f1fd20e0d03e97f /packages/CarrierDefaultApp/src
parent	bf7cb1ca913e84234de61518a7c3bd76212a46f3 (diff)