fix: Security Report - Reveal images across users via EditUserPhotoController (6aa1b4fb) · Commits · e / os / android_frameworks_base

packages/SettingsLib/src/com/android/settingslib/users/EditUserPhotoController.java

+7 −0

Original line number	Diff line number	Diff line
		@@ -18,6 +18,7 @@ package com.android.settingslib.users;

		import android.app.Activity;
		import android.content.ClipData;
		import android.content.ContentProvider;
		import android.content.ContentResolver;
		import android.content.Context;
		import android.content.Intent;
		@@ -140,6 +141,12 @@ public class EditUserPhotoController {
		return false;
		}

		final int currentUserId = UserHandle.myUserId();
		if (currentUserId != ContentProvider.getUserIdFromUri(pictureUri, currentUserId)) {
		Log.e(TAG, "Invalid pictureUri: " + pictureUri);
		return false;
		}

		switch (requestCode) {
		case REQUEST_CODE_CROP_PHOTO:
		onPhotoCropped(pictureUri);