commit e0f8214e80372b2578a40e37296e8b8180c1443b
author Andras Kloczl <andraskloczl@google.com> Tue Mar 09 20:38:56 2021 +0000
committer András Klöczl <andraskloczl@google.com> Thu Mar 11 00:15:46 2021 +0000
tree 85459b9e79ae80efc3b741c7c5946021fa0492f5
parent efb2543e93a16e48739ff568bd929ddce5fb4c27

Prevent using invalid result uri during multi user image change

Test: manual
Bug: 172939189
Change-Id: I3e6f6200e82e86d6a2085652906ad2d0d44814f5
Merged-In: I3e6f6200e82e86d6a2085652906ad2d0d44814f5
Merged-In: Id2e598878b3250e8b3590905c6def561e2437d55
Merged-In: I15e15ad88b768a5b679de32c5429d921d850a3cb

src/com/android/settings/users/EditUserPhotoController.java

diff --git a/src/com/android/settings/users/EditUserPhotoController.java b/src/com/android/settings/users/EditUserPhotoController.java
index 3253f79..f62a2d5 100644
--- a/src/com/android/settings/users/EditUserPhotoController.java
+++ b/src/com/android/settings/users/EditUserPhotoController.java
@@ -37,6 +37,7 @@
 import android.os.UserManager;
 import android.provider.ContactsContract.DisplayPhoto;
 import android.provider.MediaStore;
+import android.util.EventLog;
 import android.util.Log;
 import android.view.Gravity;
 import android.view.View;
@@ -116,6 +117,14 @@
         }
         final Uri pictureUri = data != null && data.getData() != null
                 ? data.getData() : mTakePictureUri;
+
+        // Check if the result is a content uri
+        if (!ContentResolver.SCHEME_CONTENT.equals(pictureUri.getScheme())) {
+            Log.e(TAG, "Invalid pictureUri scheme: " + pictureUri.getScheme());
+            EventLog.writeEvent(0x534e4554, "172939189", -1, pictureUri.getPath());
+            return false;
+        }
+
         switch (requestCode) {
             case REQUEST_CODE_CROP_PHOTO:
                 onPhotoCropped(pictureUri, true);