commit | dcf375806f68ffe703babba4879c60a6797faccf | [log] [tgz] |
---|---|---|
author | Oli Lan <olilan@google.com> | Fri Aug 26 18:29:16 2022 +0100 |
committer | Keith Mok <keithmok@google.com> | Mon Sep 19 23:15:08 2022 +0000 |
tree | 363026a044d8b141a703d69ec5e3216d2e6f13c2 | |
parent | 3e49f8045ba8489575170554f46236e5c85afde2 [diff] |
DO NOT MERGE Prevent exfiltration of system files via avatar picker. This adds mitigations to prevent system files being exfiltrated via the settings content provider when a content URI is provided as a chosen user image. The mitigations are: 1) Copy the image to a new URI rather than the existing takePictureUri prior to cropping. 2) Only allow a system handler to respond to the CROP intent. This is a fixed version of ag/17003629, to address b/239513606. Bug: 187702830 Test: build and check functionality Change-Id: I10c31be238ac7afc56701209c71353ffa31db096
Native (C++) code format is required to be compatible with .clang-format file. Run
git clang-format --style=file --extension='h,cpp,cc' HEAD~
Note that clang-format is not desirable for Android java files. Therefore the command line above is limited to specific extensions.