Google Git
Sign in
android / platform / packages / apps / EmergencyInfo / f01bc2e704cc765c3847e21354db90424b52bf5f
commitf01bc2e704cc765c3847e21354db90424b52bf5f[log] [tgz]
authorOli Lan <olilan@google.com>Fri Aug 26 18:33:53 2022 +0100
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>Tue Oct 18 07:23:39 2022 +0000
tree0c46450d87fc796f106469948fd62c4ff68e5dd0
parent693ee8e8f4e3e2bedef6baebd416505b1cfc2dc0 [diff]
Prevent exfiltration of system files via avatar picker.

This adds mitigations to prevent system files being exfiltrated
via the settings content provider when a content URI is provided
as a chosen user image.

The mitigations are:

1) Copy the image to a new URI rather than the existing takePictureUri
prior to cropping.

2) Only allow a system handler to respond to the CROP intent.

This is a fixed version of ag/17004678, to address b/239513606.

Bug: 187702830
Test: build and check functionality
Change-Id: I07bb987b930b851a28871a13032b8fcfcd96d6d1
(cherry picked from commit 5981e18eb50c54088dc29f8a1e1dc8efdd4bb887)
Merged-In: I07bb987b930b851a28871a13032b8fcfcd96d6d1
1 file changed
tree: 0c46450d87fc796f106469948fd62c4ff68e5dd0
  1. res/
  2. src/
  3. tests/
  4. Android.bp
  5. AndroidManifest.xml
  6. CleanSpec.mk
  7. OWNERS
  8. proguard.flags