commit 6746add669688765a78d98e9a5bbadcaaca5299d
author Andras Kloczl <andraskloczl@google.com> Tue Mar 09 17:40:40 2021 +0000
committer András Klöczl <andraskloczl@google.com> Thu Mar 11 00:16:46 2021 +0000
tree b39baeb331aa06b2b2663e7ff974866dc82bf3d1
parent 48ec74592d11aad3c5ae1012266cf7b162af8edb

Prevent using invalid result uri during multi user image change

Test: manual
Bug: 172939189
Change-Id: I258c305f825da94474c8027828e3b9707b463699
Merged-In: I258c305f825da94474c8027828e3b9707b463699
Merged-In: I3e6f6200e82e86d6a2085652906ad2d0d44814f5
Merged-In: Id2e598878b3250e8b3590905c6def561e2437d55
Merged-In: I15e15ad88b768a5b679de32c5429d921d850a3cb

src/com/android/settings/users/EditUserPhotoController.java

diff --git a/src/com/android/settings/users/EditUserPhotoController.java b/src/com/android/settings/users/EditUserPhotoController.java
index c348b4aa..0f67b18 100644
--- a/src/com/android/settings/users/EditUserPhotoController.java
+++ b/src/com/android/settings/users/EditUserPhotoController.java
@@ -38,6 +38,7 @@
 import android.os.UserManager;
 import android.provider.ContactsContract.DisplayPhoto;
 import android.provider.MediaStore;
+import android.util.EventLog;
 import android.support.v4.content.FileProvider;
 import android.util.Log;
 import android.view.Gravity;
@@ -114,6 +115,14 @@
         }
         final Uri pictureUri = data != null && data.getData() != null
                 ? data.getData() : mTakePictureUri;
+
+        // Check if the result is a content uri
+        if (!ContentResolver.SCHEME_CONTENT.equals(pictureUri.getScheme())) {
+            Log.e(TAG, "Invalid pictureUri scheme: " + pictureUri.getScheme());
+            EventLog.writeEvent(0x534e4554, "172939189", -1, pictureUri.getPath());
+            return false;
+        }
+
         switch (requestCode) {
             case REQUEST_CODE_CROP_PHOTO:
                 onPhotoCropped(pictureUri, true);