Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f70e351d authored Aug 26, 2022 by Oli Lan

Prevent exfiltration of system files via avatar picker.

This adds mitigations to prevent system files being exfiltrated
via the settings content provider when a content URI is provided
as a chosen user image.

The mitigations are:

1) Copy the image to a new URI rather than the existing takePictureUri
prior to cropping.

2) Only allow a system handler to respond to the CROP intent.

This is a fixed version of ag/17003629, to address b/239513606.

Bug: 187702830
Test: build and check functionality
Merged-In: I15e15ad88b768a5b679de32c5429d921d850a3cb
Change-Id: I98eea867f926c508456ec9bc654e24eeeffa0e54

parent b9bafa0d

Hide whitespace changes

Inline Side-by-side

/e/ robot @erobot
mentioned in commit a28eabcb
· Dec 11, 2022

mentioned in commit a28eabcb

mentioned in commit a28eabcbd57cd9b7db3f9dace3184203bea6c143

Toggle commit list
/e/ robot @erobot
mentioned in commit 64bac61e
· Dec 17, 2022

mentioned in commit 64bac61e

mentioned in commit 64bac61e49f9c64f19a51e8416d271441a557a60

Toggle commit list

Please register or to comment