diff options
| author | Chen Xu <fionaxu@google.com> | 2020-04-24 12:26:04 -0700 |
|---|---|---|
| committer | Chen Xu <fionaxu@google.com> | 2020-04-27 22:46:48 -0700 |
| commit | c7387da803d693a8101b2c87761a5e981366af73 (patch) | |
| tree | e72215833f3fbef64c2866263f1fd20e0d03e97f /packages/CarrierDefaultApp | |
| parent | bf7cb1ca913e84234de61518a7c3bd76212a46f3 (diff) | |
Fix WebView vulnerability by disallowing file access
Fix webvuew vulnerability inside captiveportal activity by disallowing
access private file in app's sandbox.
Bug: 150610071
Test: Build
Change-Id: I67e695478476b6ee9cf21ed41213f25441d9776a
(cherry picked from commit fef654fffc4783f71f94600597e2fb69249eeb35)
Merged-in: I67e695478476b6ee9cf21ed41213f25441d9776a
Diffstat (limited to 'packages/CarrierDefaultApp')
| -rw-r--r-- | packages/CarrierDefaultApp/src/com/android/carrierdefaultapp/CaptivePortalLoginActivity.java | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/packages/CarrierDefaultApp/src/com/android/carrierdefaultapp/CaptivePortalLoginActivity.java b/packages/CarrierDefaultApp/src/com/android/carrierdefaultapp/CaptivePortalLoginActivity.java index 50542818e0d7..6fab9e4641b6 100644 --- a/packages/CarrierDefaultApp/src/com/android/carrierdefaultapp/CaptivePortalLoginActivity.java +++ b/packages/CarrierDefaultApp/src/com/android/carrierdefaultapp/CaptivePortalLoginActivity.java @@ -106,6 +106,7 @@ public class CaptivePortalLoginActivity extends Activity { webSettings.setSupportZoom(true); webSettings.setBuiltInZoomControls(true); webSettings.setDomStorageEnabled(true); + webSettings.setAllowFileAccess(false); mWebViewClient = new MyWebViewClient(); mWebView.setWebViewClient(mWebViewClient); mWebView.setWebChromeClient(new MyWebChromeClient()); |