Greetings Android.
Recently, I'm tracing the Bluetooth operating mechanism in Android
framework. I've notice that there's some strict file type limitation
which was enhanced by this patch [1] while receiving files via OPP.
in package com.android.bluetooth.opp , there's a fixed white list in
Constants.java
/**
* The MIME type(s) of we could accept from other device.
* This is in essence a "white list" of acceptable types.
* Today, restricted to images, audio, video and certain text types.
*/
public static final String[] ACCEPTABLE_SHARE_INBOUND_TYPES = new
String[] {
/* ... some types such as images and music ... */
};
which limits the acceptable file types with a white list instead of
original black list in BluetoothOppObexServerSession.java
// Reject policy: anything outside the "white list" plus
unspecified
// MIME Types.
if (!pre_reject
&& (mimeType == null || (!
Constants.mimeTypeMatches(mimeType,
Constants.ACCEPTABLE_SHARE_INBOUND_TYPES)))) {
if (D) Log.w(TAG, "mimeType is null or in unacceptable
list, reject the transfer");
pre_reject = true;
obexResponse = ResponseCodes.OBEX_HTTP_UNSUPPORTED_TYPE;
I'd like to figure out the motivation of this patch. What makes us
concern about the MIME type in this situation? In my knowledge, we may
like to block the executable files (i.e. *.apk, *.so) since those
files may harm our device. If blocking some specific types is the
reason we set a list here, why would we use a white list instead of a
black list just before this patch? Is there some similar limitation
when we transmit files via other non-bluetooth protocols such as HTTP?
[1]:
http://android.git.kernel.org/?p=platform/packages/apps/Bluetooth.git;a=commit;h=fb946935fe50d957e835ac00a592bd3d222edef3
--
You received this message because you are subscribed to the Google Groups
"Android Discuss" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/android-discuss?hl=en.
