Gitiles
Code Review Sign In
review.blissroms.org / platform_packages_apps_Settings / d29c6aedbd4f832f616021106bea66039530667d
commitd29c6aedbd4f832f616021106bea66039530667d[log] [tgz]
authorJeff Sharkey <jsharkey@android.com>Mon Mar 13 12:37:52 2017 -0600
committerJeff Sharkey <jsharkey@android.com>Mon Mar 13 12:40:48 2017 -0600
treef00c592546e589c26dd9a38cdd2fa1abd904734b
parent72c7a83141919e5c90c129a1ab37bd31aac939bb [diff]
Only crop photos owned by Settings.

A recent security change locks down the ability for the system UID to
issue Uri permission grants.  This helps mitigate an entire class of
confused deputy security issues.

However, Settings (which runs as the system UID) was still relying on
issuing Uri permission grants to the photo cropper.  The simplest way
to keep that working is to add the "com.android.settings.files"
authority to a whitelist, and only request cropping of Uris from that
location.

This means that if the GET_CONTENT decides to return a Uri (instead
of streaming it into mTakePictureUri), then we need to copy it
ourselves locally before we can send it along to the cropper.

Test: builds, boots, both take/choose photos work
Bug: 33019296, 35158271
Change-Id: I2541c33e8d9452357cb9fc2e021ca74d5a43d5ff
1 file changed
tree: f00c592546e589c26dd9a38cdd2fa1abd904734b
  1. res/
  2. src/
  3. tests/
  4. Android.mk
  5. AndroidManifest.xml
  6. CleanSpec.mk
  7. MODULE_LICENSE_APACHE2
  8. NOTICE
  9. PREUPLOAD.cfg
  10. proguard.flags
  11. wrap_alpha.py