Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8950a900 authored Feb 25, 2022 by Oli Lan

Prevent exfiltration of system files via user image settings.

This is a backport of ag/17005706.

This adds mitigations to prevent system files being exfiltrated
via the settings content provider when a content URI is provided
as a chosen user image.

The mitigations are:

1) Copy the image to a new URI rather than the existing takePictureUri
prior to cropping.

2) Only allow a system handler to respond to the CROP intent.

Bug: 187702830
Test: build and check functionality
Change-Id: Ia6314b6810afb5efa0329f3eeaee9ccfff791966
Merged-In: I15e15ad88b768a5b679de32c5429d921d850a3cb

parent 4e543a38

Hide whitespace changes

Inline Side-by-side

/e/ robot @erobot
mentioned in commit d1a55f05
· Jun 13, 2022

mentioned in commit d1a55f05

mentioned in commit d1a55f057503b13a1b3f2d3d4e511dfa63188449

Toggle commit list
/e/ robot @erobot
mentioned in commit 7a478432
· Jun 24, 2022

mentioned in commit 7a478432

mentioned in commit 7a4784322596aa6819ec48e5b2c595adfd384344

Toggle commit list
/e/ robot @erobot
mentioned in commit 03e65dc0
· Dec 11, 2022

mentioned in commit 03e65dc0

mentioned in commit 03e65dc06ee489e5e28f5f711d3e99aa97207ecb

Toggle commit list
/e/ robot @erobot
mentioned in commit e56bc355
· Dec 17, 2022

mentioned in commit e56bc355

mentioned in commit e56bc355909f992704411ac1e28acb359cefcf2e

Toggle commit list

Please register or to comment