Prevent exfiltration of system files via avatar picker.
This adds mitigations to prevent system files being exfiltrated
via the settings content provider when a content URI is provided
as a chosen user image.
The mitigations are:
1) Copy the image to a new URI rather than the existing takePictureUri
prior to cropping.
2) Only allow a system handler to respond to the CROP intent.
This is a fixed version of ag/17004678, to address b/239513606.
Bug: 187702830
Test: build and check functionality
Change-Id: I07bb987b930b851a28871a13032b8fcfcd96d6d1
(cherry picked from commit 5981e18eb50c54088dc29f8a1e1dc8efdd4bb887)
Merged-In: I07bb987b930b851a28871a13032b8fcfcd96d6d1
1 file changed