author Anna Bauza <annabauza@google.com> 2024-08-02 09:06:32 +0000
committer Anna Bauza <annabauza@google.com> 2024-08-29 18:29:55 +0000
commita57c898661b3710f562cf2eb711ab9cc5610a3a3 (patch)
tree7c7440f738cee49e07a0a1ce84c4b494109711b4
parent54749a90ea8c9caaef6a066ac3bf264ca86c7c5a (diff)
RESTRICT AUTOMERGE fix: Security Report - Reveal images across users via EditUserPhotoController
This functionality has implemented tests on t+ branches. Bug: 296915959 Test: N/A Change-Id: If79af734432b14be74815a47e1026dc8369a304f Merged-In: Iffcb615fee4df2e28874db9dd66642cccb81becc Merged-In: Ia5fdd5df21b19ea61a838354515e31ae941c1ed2
-rw-r--r--packages/SettingsLib/src/com/android/settingslib/users/EditUserPhotoController.java7
1 files changed, 7 insertions, 0 deletions
diff --git a/packages/SettingsLib/src/com/android/settingslib/users/EditUserPhotoController.java b/packages/SettingsLib/src/com/android/settingslib/users/EditUserPhotoController.java
index 0c6cd048619c..1c3dea71ad45 100644
--- a/packages/SettingsLib/src/com/android/settingslib/users/EditUserPhotoController.java
+++ b/packages/SettingsLib/src/com/android/settingslib/users/EditUserPhotoController.java
@@ -18,6 +18,7 @@ package com.android.settingslib.users;
import android.app.Activity;
import android.content.ClipData;
+import android.content.ContentProvider;
import android.content.ContentResolver;
import android.content.Context;
import android.content.Intent;
@@ -140,6 +141,12 @@ public class EditUserPhotoController {
return false;
}
+ final int currentUserId = UserHandle.myUserId();
+ if (currentUserId != ContentProvider.getUserIdFromUri(pictureUri, currentUserId)) {
+ Log.e(TAG, "Invalid pictureUri: " + pictureUri);
+ return false;
+ }
+
switch (requestCode) {
case REQUEST_CODE_CROP_PHOTO:
onPhotoCropped(pictureUri);
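Review bot: The new user-id guard ahead of `switch (requestCode)` has no comment saying what it defends against, and the reason is not obvious from the code alone: a result URI can carry a user id in its authority (`content://<userId>@authority/...`), and one naming a different user must not be loaded by this controller. I would add above the check `// Reject URIs that embed another user's id; only the current user's images may be read here.` The `Log.e` line also prints the whole caller-supplied URI; logging only the parsed user id would be enough to diagnose a rejection and keeps untrusted path data out of logcat. The enclosing method begins and ends outside this hunk, so whether `pictureUri` is already known to be non-null and a `content` URI at this point cannot be confirmed from here.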