+59
−36
Loading
Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more
This adds mitigations to prevent system files being exfiltrated via the settings content provider when a content URI is provided as a chosen user image. The mitigations are: 1) Copy the image to a new URI rather than the existing takePictureUri prior to cropping. 2) Only allow a system handler to respond to the CROP intent. This is a fixed version of ag/17005706, to address b/239513606. Bug: 187702830 Test: atest AvatarPhotoControllerTest Change-Id: I21f1b25154dc00a305bdadb96fdf22edff31d9b8