Patch URI vulnerability in contact photo editing

Don't allow reading of "file://" URIs that don't point to "/storage" during the
photo saving flow.

This is to prevent malicious apps from asking us to read our own private
files which we copy into a temporary "content://" URI that we give to a
cropping app (with permission to read).

Fixing here patches both PhotoSelectionHandler.java and
AttachPhotoActivity.java.

Tested:
Manual with the fake gallery app. Confirmed that selecting an "image"
with a URI of our own shared_pref file fails without reading it.
ContactPhotoUtilsTest

Bug: 113597344
Change-Id: Iabb4f8139cedb7d7b865d69a4b95a4997f64c71d
2 files changed
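
A sketch of the kind of check the message describes, added here as an illustration; it is not the code from this change. The class name `PhotoUriCheck`, the method `isReadAllowed`, and the sample URIs are hypothetical. Resolving the path to canonical form before the prefix test is an assumption that goes beyond the message, which does not say how the comparison is done.

```java
import java.io.File;
import java.io.IOException;
import java.net.URI;

// Added illustration with hypothetical names; assumes a Unix-style filesystem.
public class PhotoUriCheck {
    // Assumption: shared storage is rooted at "/storage", as the commit message states.
    private static final String ALLOWED_ROOT = "/storage";

    /** Returns true if the URI may be read during the photo saving flow. */
    static boolean isReadAllowed(String uriString) {
        final URI uri;
        try {
            uri = URI.create(uriString);
        } catch (IllegalArgumentException e) {
            return false; // malformed URI: refuse to read
        }
        if (!"file".equalsIgnoreCase(uri.getScheme())) {
            return true; // this check restricts only file:// URIs
        }
        String path = uri.getPath(); // percent-decoded; null for opaque URIs
        if (path == null) {
            return false;
        }
        try {
            // Resolve "." and ".." segments and symlinks before the prefix
            // test, so the comparison sees the file that would be opened.
            String canonical = new File(path).getCanonicalPath();
            return canonical.equals(ALLOWED_ROOT)
                    || canonical.startsWith(ALLOWED_ROOT + File.separator);
        } catch (IOException e) {
            return false; // cannot resolve the path: fail closed
        }
    }

    public static void main(String[] args) {
        // Constructed sample URIs, not taken from the bug report.
        String[] samples = {
            "file:///storage/emulated/0/DCIM/photo.jpg",
            "file:///data/data/com.example.app/shared_prefs/prefs.xml",
            "file:///storage/../data/data/com.example.app/shared_prefs/prefs.xml",
            "file:///storage%2F..%2Fdata/secret",
        };
        for (String s : samples) {
            System.out.println((isReadAllowed(s) ? "allow  " : "reject ") + s);
        }
    }
}
```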