Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit d1a55f05 authored by Oli Lan's avatar Oli Lan Committed by Android Build Coastguard Worker
Browse files

Prevent exfiltration of system files via user image settings. 

This is a backport of ag/17005706.

This adds mitigations to prevent system files being exfiltrated
via the settings content provider when a content URI is provided
as a chosen user image.

The mitigations are:

1) Copy the image to a new URI rather than the existing takePictureUri
prior to cropping.

2) Only allow a system handler to respond to the CROP intent.

Bug: 187702830
Test: build and check functionality
Change-Id: Ia6314b6810afb5efa0329f3eeaee9ccfff791966
Merged-In: I15e15ad88b768a5b679de32c5429d921d850a3cb
(cherry picked from commit 8950a900)
(cherry picked from commit 3c63dd20ebdbead1ea92d16ee94a9397238895d5)
Merged-In: Ia6314b6810afb5efa0329f3eeaee9ccfff791966
parent fe8fe00d
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment