Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d46d20c5 authored by Anna Bauza's avatar Anna Bauza
Browse files

RESTRICT AUTOMERGE fix: Security Report - Reveal images across users via EditUserPhotoController 

This functionality has implemented tests on t+ branches.

Bug: 296915959
Test: N/A
Change-Id: If79af734432b14be74815a47e1026dc8369a304f
Merged-In: Iffcb615fee4df2e28874db9dd66642cccb81becc
parent 1c656694

packages/SettingsLib/src/com/android/settingslib/users/EditUserPhotoController.java

+7 −0
Original line number Diff line number Diff line
@@ -18,6 +18,7 @@ package com.android.settingslib.users; 


import android.app.Activity;

import android.content.ClipData;

import android.content.ContentProvider;

import android.content.ContentResolver;

import android.content.Context;

import android.content.Intent;
@@ -140,6 +141,12 @@ public class EditUserPhotoController { 
            return false;

        }



        final int currentUserId = UserHandle.myUserId();

        if (currentUserId != ContentProvider.getUserIdFromUri(pictureUri, currentUserId)) {

            Log.e(TAG, "Invalid pictureUri: " + pictureUri);

            return false;

        }



        switch (requestCode) {

            case REQUEST_CODE_CROP_PHOTO:

                onPhotoCropped(pictureUri);