Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / packages / apps / EmergencyInfo / db20ac87a2d006116801557b2b431d5793183b26
commitdb20ac87a2d006116801557b2b431d5793183b26[log] [tgz]
authorOli Lan <olilan@google.com>Fri Feb 25 15:48:29 2022 +0000
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>Fri Apr 08 20:29:12 2022 +0000
treea235d6431bdbcaf7bac8130792f51d36be9f092b
parent9b0b5cdfebe212d4e2acbc44abe1930727160cfa [diff]
Prevent exfiltration of system files via user image settings.

This adds mitigations to prevent system files being exfiltrated
via the settings content provider when a content URI is provided
as a chosen user image.

The mitigations are:

1) Copy the image to a new URI rather than the existing takePictureUri
prior to cropping.

2) Only allow a system handler to respond to the CROP intent.

A similar change is made in ag/17003629 which uses the same
mechanism.

Bug: 187702830
Test: builds
Change-Id: Iba9e08b3cf9e31c162354f09aaf6b4f9afb6bd27
(cherry picked from commit fac28abbe64a1c3e430414f35139988ef96edb7c)
Merged-In: Iba9e08b3cf9e31c162354f09aaf6b4f9afb6bd27
1 file changed
tree: a235d6431bdbcaf7bac8130792f51d36be9f092b
  1. res/
  2. src/
  3. tests/
  4. Android.bp
  5. AndroidManifest.xml
  6. CleanSpec.mk
  7. OWNERS
  8. proguard.flags