Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 47af07fb authored by Oli Lan's avatar Oli Lan Committed by Android Build Coastguard Worker
Browse files

Prevent exfiltration of system files via avatar picker. 

This adds mitigations to prevent system files being exfiltrated
via the settings content provider when a content URI is provided
as a chosen user image.

The mitigations are:

1) Copy the image to a new URI rather than the existing takePictureUri
prior to cropping.

2) Only allow a system handler to respond to the CROP intent.

This is a fixed version of ag/17005706, to address b/239513606.

Bug: 187702830
Test: atest AvatarPhotoControllerTest
Change-Id: I21f1b25154dc00a305bdadb96fdf22edff31d9b8
(cherry picked from commit b76141eb)
Merged-In: I21f1b25154dc00a305bdadb96fdf22edff31d9b8
parent 323a44aa
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment