)]}'
{
  "commit": "bfb1cd5fd27c8d854336163540bb5b014ad504d1",
  "tree": "ce9f0f03a590990f76054ad11d6c6c7646f9999a",
  "parents": [
    "4fe1d2d420804ccd67f21ca7da369ea3c74d0190"
  ],
  "author": {
    "name": "Oli Lan",
    "email": "olilan@google.com",
    "time": "Thu Mar 03 16:56:18 2022 +0000"
  },
  "committer": {
    "name": "Oli Lan",
    "email": "olilan@google.com",
    "time": "Thu Mar 03 16:56:18 2022 +0000"
  },
  "message": "Prevent exfiltration of system files via user image settings.\n\nThis is a backport of ag/17005706.\n\nThis adds mitigations to prevent system files being exfiltrated\nvia the settings content provider when a content URI is provided\nas a chosen user image.\n\nThe mitigations are:\n\n1) Copy the image to a new URI rather than the existing takePictureUri\nprior to cropping.\n\n2) Only allow a system handler to respond to the CROP intent.\n\nBug: 187702830\nTest: build and check functionality\nMerged-In: Idf1ab60878d619ee30505d71e8afe31d8b0c0ebe\nChange-Id: Ieee3f2d8057e648bde52a91463d517abb47f37eb\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "f9584a3e15e9a7a789316b42307ae859b5959b99",
      "old_mode": 33188,
      "old_path": "packages/SettingsLib/src/com/android/settingslib/users/EditUserPhotoController.java",
      "new_id": "c346142c20f6d261c729485a6202a60d361eb91f",
      "new_mode": 33188,
      "new_path": "packages/SettingsLib/src/com/android/settingslib/users/EditUserPhotoController.java"
    }
  ]
}
