commit 9c0024f455e41566579d963533a26048c7e2587f
author Andras Kloczl <andraskloczl@google.com> Tue Mar 09 17:40:40 2021 +0000
committer András Klöczl <andraskloczl@google.com> Thu Mar 11 00:16:03 2021 +0000
tree 65b15fa40bcab3aafe2dca64dca60ea1984ac88b
parent 8a79a4314d001a5e86f6a2eb42f56132d2003fe6

Prevent using invalid result uri during multi user image change

Test: manual
Bug: 172939189
Change-Id: I258c305f825da94474c8027828e3b9707b463699
Merged-In: I258c305f825da94474c8027828e3b9707b463699
Merged-In: I3e6f6200e82e86d6a2085652906ad2d0d44814f5
Merged-In: Id2e598878b3250e8b3590905c6def561e2437d55
Merged-In: I15e15ad88b768a5b679de32c5429d921d850a3cb

src/com/android/settings/users/EditUserPhotoController.java

diff --git a/src/com/android/settings/users/EditUserPhotoController.java b/src/com/android/settings/users/EditUserPhotoController.java
index c348b4aa..0f67b18 100644
--- a/src/com/android/settings/users/EditUserPhotoController.java
+++ b/src/com/android/settings/users/EditUserPhotoController.java
@@ -38,6 +38,7 @@
 import android.os.UserManager;
 import android.provider.ContactsContract.DisplayPhoto;
 import android.provider.MediaStore;
+import android.util.EventLog;
 import android.support.v4.content.FileProvider;
 import android.util.Log;
 import android.view.Gravity;
@@ -114,6 +115,14 @@
         }
         final Uri pictureUri = data != null && data.getData() != null
                 ? data.getData() : mTakePictureUri;
+
+        // Check if the result is a content uri
+        if (!ContentResolver.SCHEME_CONTENT.equals(pictureUri.getScheme())) {
+            Log.e(TAG, "Invalid pictureUri scheme: " + pictureUri.getScheme());
+            EventLog.writeEvent(0x534e4554, "172939189", -1, pictureUri.getPath());
+            return false;
+        }
+
         switch (requestCode) {
             case REQUEST_CODE_CROP_PHOTO:
                 onPhotoCropped(pictureUri, true);