Commit c9932596 authored by Gary Mai, committed by Rohit Yengisetty

Patch URI vulnerability in contact photo editing

Don't allow reading of "file://" URIs that don't point to "/storage" during the
photo saving flow.

This is to prevent malicious apps from asking us to read our own private
files which we copy into a temporary "content://" URI that we give to a
cropping app (with permission to read).

Fixing here patches both PhotoSelectionHandler.java and
AttachPhotoActivity.java.

Tested:
Manual with the fake gallery app. Confirmed that selecting an "image"
with a URI of our own shared_pref file fails without reading it.
ContactPhotoUtilsTest

Bug: 113597344
Change-Id: Iabb4f8139cedb7d7b865d69a4b95a4997f64c71d
(cherry picked from commit ccfd94b9)
parent 1b3303cd
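
The check the commit message describes, sketched as an added example; it is not the code from this commit, whose diff is not shown on this page. The class and method names are hypothetical, `java.net.URI` stands in for Android's `Uri` so the sketch runs on a plain Unix JVM, and canonicalizing the path before the prefix test goes beyond what the message states.

```java
import java.io.File;
import java.io.IOException;
import java.net.URI;

public class PhotoUriCheck {
    // Assumption: the shared-storage root is the "/storage" named in the commit message.
    static final String STORAGE_ROOT = "/storage/";

    /** Returns true when the URI must be refused before any bytes are read from it. */
    static boolean isFileUriOutsideStorage(URI uri) {
        if (uri == null) {
            return true; // nothing to validate: refuse
        }
        if (!"file".equalsIgnoreCase(uri.getScheme())) {
            return false; // e.g. content:// is resolved by its provider, not by our file access
        }
        String path = uri.getPath();
        if (path == null) {
            return true; // opaque "file:" URI without a path
        }
        try {
            // Resolve "." / ".." segments and symlinks first, so the prefix test
            // sees the location that would actually be opened.
            String canonical = new File(path).getCanonicalPath();
            return !canonical.startsWith(STORAGE_ROOT);
        } catch (IOException e) {
            return true; // fail closed when the path cannot be resolved
        }
    }

    public static void main(String[] args) {
        // Constructed sample URIs; com.example.app is a placeholder package name.
        String[] samples = {
            "file:///storage/emulated/0/DCIM/photo.jpg",
            "file:///data/data/com.example.app/shared_prefs/prefs.xml",
            "file:///storage/emulated/0/../../../data/data/com.example.app/shared_prefs/prefs.xml",
            "content://media/external/images/media/42",
        };
        for (String s : samples) {
            boolean refuse = isFileUriOutsideStorage(URI.create(s));
            System.out.println((refuse ? "REFUSE  " : "ALLOW   ") + s);
        }
    }
}
```

The third sample begins with `/storage/` as a raw string but resolves outside it, which is the case a plain prefix test on the unresolved path would miss.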