Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Unverified Commit ec5b5e1d authored by Oli Lan's avatar Oli Lan Committed by Kevin F. Haggerty
Browse files

Prevent exfiltration of system files via avatar picker. 

This adds mitigations to prevent system files being exfiltrated
via the settings content provider when a content URI is provided
as a chosen user image.

The mitigations are:

1) Copy the image to a new URI rather than the existing takePictureUri
prior to cropping.

2) Only allow a system handler to respond to the CROP intent.

This is a fixed version of ag/17071224, to address b/239513606.

Bug: 187702830
Test: build and check functionality
Change-Id: Ie352d07bbcfc7e0b0a1db1dbe3fd43085e0ecbb6
Merged-In: Idf1ab60878d619ee30505d71e8afe31d8b0c0ebe
(cherry picked from commit 1b48ca6b)
Merged-In: Ie352d07bbcfc7e0b0a1db1dbe3fd43085e0ecbb6
parent a8afb70e
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment