The exploit works great with chrome browser,but failed to leak data in chromium browser. #4
Description
logcat output:
D/MediaResourceGetter(19636): canonicalized file path: /data/data/com.android.browser/cache/.org.chromium.Chromium.t4IIzY
E/MediaResourceGetter(19636): Refusing to read from unsafe file location.
E/MediaResourceGetter(19636): Unable to configure metadata extractor
As you mentioned the method described to leak infomation cannot be used on SBrowser, maybe it's the same problem.
When looking into the MediaResourceGetter.java, I find a methord filePathAcceptable will check if the path is safe to read,and ("/data/data/" + PACKAGE_NAME + "/cache/") should be a safe place.But in our case,MediaResourceGetter refused to read from "/data/data/com.android.browser/cache/.org.chromium.Chromium.t4IIzY",that's weird.