Prevent exfiltration of system files via avatar picker.
This adds mitigations to prevent system files being exfiltrated
via the settings content provider when a content URI is provided
as a chosen user image.
The mitigations are:
1) Copy the image to a new URI rather than the existing takePictureUri
prior to cropping.
2) Only allow a system handler to respond to the CROP intent.
This is a fixed version of ag/17003629, to address b/239513606.
Bug: 187702830
Test: build and check functionality
Merged-In: I15e15ad88b768a5b679de32c5429d921d850a3cb
Change-Id: I98eea867f926c508456ec9bc654e24eeeffa0e54
(cherry picked from commit f70e351d1a3bc7765da1fa8f9e0bb52d425b27e4)
Merged-In: I98eea867f926c508456ec9bc654e24eeeffa0e54
1 file changed