fix: Security Report - Reveal images across users via EditUserPhotoController (d2c71467) · Commits · e / os / android_packages_apps_Settings

src/com/android/settings/users/EditUserPhotoController.java

+7 −0

Original line number	Diff line number	Diff line
		@@ -18,6 +18,7 @@ package com.android.settings.users;

		import android.app.Activity;
		import android.content.ClipData;
		import android.content.ContentProvider;
		import android.content.ContentResolver;
		import android.content.Context;
		import android.content.Intent;
		@@ -132,6 +133,12 @@ public class EditUserPhotoController {
		return false;
		}

		final int currentUserId = UserHandle.myUserId();
		if (currentUserId != ContentProvider.getUserIdFromUri(pictureUri, currentUserId)) {
		Log.e(TAG, "Invalid pictureUri: " + pictureUri);
		return false;
		}

		switch (requestCode) {
		case REQUEST_CODE_CROP_PHOTO:
		onPhotoCropped(pictureUri, true);