Patch URI vulnerability in contact photo editing (ccfd94b9) · Commits · e / os / android_packages_apps_Contacts · GitLab

Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ccfd94b9 authored Sep 05, 2018 by Gary Mai

Patch URI vulnerability in contact photo editing

Don't allow reading of "file://" URIs that don't point to "/storage" during the
photo saving flow.

This is to prevent malicious apps from asking us to read our own private
files which we copy into a temporary "content://" URI that we give to a
cropping app (with permission to read).

Fixing here patches both PhotoSelectionHandler.java and
AttachPhotoActivity.java.

Tested:
Manual with the fake gallery app. Confirmed that selecting an "image"
with a URI of our own shared_pref file fails without reading it.
ContactPhotoUtilsTest

Bug: 113597344
Change-Id: Iabb4f8139cedb7d7b865d69a4b95a4997f64c71d

parent d67cd7d7

Hide whitespace changes

Inline Side-by-side

Mohit Mali @MohitMali
mentioned in commit 01ee7669
· Feb 14, 2020

mentioned in commit 01ee7669

mentioned in commit 01ee76699983fa83df186ddfa28c5a6a64f702fa

Toggle commit list
Mohit Mali @MohitMali
mentioned in commit f773d8ed
· Feb 14, 2020

mentioned in commit f773d8ed

mentioned in commit f773d8ede57463a7a9f1cfb4a1471f2ea78685af

Toggle commit list
/e/ robot @erobot
mentioned in commit c9932596
· Oct 11, 2020

mentioned in commit c9932596

mentioned in commit c99325960fd343a47a65f77935feaf434c1ad9b6

Toggle commit list
/e/ robot @erobot
mentioned in commit 3193aa52
· Oct 11, 2020

mentioned in commit 3193aa52

mentioned in commit 3193aa52b64b942c0eadcb8f512f76b35ac4c571

Toggle commit list

Please register or to comment