Prevent exfiltration of system files via avatar picker. - platform/frameworks/base

diff options

author	Oli Lan <olilan@google.com>	2022-08-26 17:35:21 +0100
committer	Oli Lan <olilan@google.com>	2022-08-26 17:16:55 +0000
commit	1b48ca6b7f44bacdb7b9469bfaf08fe4881ea0ae (patch)
tree	62f5281c10f940793dd6a0eadc8c9bf2a6fba344 /libs/androidfw/ResourceTimer.cpp
parent	d06f5f0f745ad8c765867fa28043f29425bde3a4 (diff)

Prevent exfiltration of system files via avatar picker.

This adds mitigations to prevent system files being exfiltrated via the settings content provider when a content URI is provided as a chosen user image. The mitigations are: 1) Copy the image to a new URI rather than the existing takePictureUri prior to cropping. 2) Only allow a system handler to respond to the CROP intent. This is a fixed version of ag/17071224, to address b/239513606. Bug: 187702830 Test: build and check functionality Change-Id: Ie352d07bbcfc7e0b0a1db1dbe3fd43085e0ecbb6 Merged-In: Idf1ab60878d619ee30505d71e8afe31d8b0c0ebe

Diffstat (limited to 'libs/androidfw/ResourceTimer.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: