Skip to content
Commit bfb1cd5f authored by Oli Lan's avatar Oli Lan
Browse files

Prevent exfiltration of system files via user image settings.

This is a backport of ag/17005706.

This adds mitigations to prevent system files being exfiltrated
via the settings content provider when a content URI is provided
as a chosen user image.

The mitigations are:

1) Copy the image to a new URI rather than the existing takePictureUri
prior to cropping.

2) Only allow a system handler to respond to the CROP intent.

Bug: 187702830
Test: build and check functionality
Merged-In: Idf1ab60878d619ee30505d71e8afe31d8b0c0ebe
Change-Id: Ieee3f2d8057e648bde52a91463d517abb47f37eb
parent 4fe1d2d4
Loading
Loading
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment