Patch URI vulnerability in contact photo editing
Don't allow reading of "file://" URIs that don't point to "/storage" during the
photo saving flow.
This is to prevent malicious apps from asking us to read our own private
files which we copy into a temporary "content://" URI that we give to a
cropping app (with permission to read).
Fixing here patches both PhotoSelectionHandler.java and
Manual with the fake gallery app. Confirmed that selecting an "image"
with a URI of our own shared_pref file fails without reading it.
(cherry picked from commit ccfd94b965c1e9c2e0b239c12137c239c602070d)
2 files changed