packages_apps_Contacts, branch cm-13.0 Unnamed repository; edit this file 'description' to name the repository. Automatic translation import 2019-08-10T18:49:40+00:00 Michael Bestas mkbestas@lineageos.org 2019-08-10T18:49:40+00:00 a02c818f59957f7bba3ce31faf8b4fff16062db9 Change-Id: Ifc51521870c294101a6b6e8810d2ce6ace95a334 
Change-Id: Ifc51521870c294101a6b6e8810d2ce6ace95a334
Patch URI vulnerability in contact photo editing 2019-02-02T20:51:31+00:00 Gary Mai garymai@google.com 2018-09-05T22:17:41+00:00 52851972282d45af9514a8c46e226216292a9b5d Don't allow reading of "file://" URIs that don't point to "/storage" during the photo saving flow. This is to prevent malicious apps from asking us to read our own private files which we copy into a temporary "content://" URI that we give to a cropping app (with permission to read). Fixing here patches both PhotoSelectionHandler.java and AttachPhotoActivity.java. Tested: Manual with the fake gallery app. Confirmed that selecting an "image" with a URI of our own shared_pref file fails without reading it. ContactPhotoUtilsTest Bug: 113597344 Change-Id: Iabb4f8139cedb7d7b865d69a4b95a4997f64c71d (cherry picked from commit ccfd94b965c1e9c2e0b239c12137c239c602070d) CVE-2018-9587 
Don't allow reading of "file://" URIs that don't point to "/storage" during the
photo saving flow.

This is to prevent malicious apps from asking us to read our own private
files which we copy into a temporary "content://" URI that we give to a
cropping app (with permission to read).

Fixing here patches both PhotoSelectionHandler.java and
AttachPhotoActivity.java.

Tested:
Manual with the fake gallery app. Confirmed that selecting an "image"
with a URI of our own shared_pref file fails without reading it.
ContactPhotoUtilsTest

Bug: 113597344
Change-Id: Iabb4f8139cedb7d7b865d69a4b95a4997f64c71d
(cherry picked from commit ccfd94b965c1e9c2e0b239c12137c239c602070d)
CVE-2018-9587
Automatic translation import 2017-12-14T02:58:19+00:00 Abhisek Devkota ciwrl@lineageos.org 2017-12-14T02:58:19+00:00 6a2c65b96c508637e3326dfefd33e8ec287052a2 Change-Id: I1f980b9c7a575db3cf58ded8a1f29e0c10ee74be 
Change-Id: I1f980b9c7a575db3cf58ded8a1f29e0c10ee74be
Automatic translation import 2017-09-20T00:16:07+00:00 Abhisek Devkota ciwrl@lineageos.org 2017-09-20T00:16:07+00:00 375f0f461fb35da65bbbc84e32c46ebc2921f256 Change-Id: I5455288646819b4e539d98ab09445deffcdf5877 
Change-Id: I5455288646819b4e539d98ab09445deffcdf5877
Automatic translation import 2017-07-28T04:20:57+00:00 Abhisek Devkota ciwrl@lineageos.org 2017-07-28T04:20:57+00:00 3e5d2dc583ace5b4f1f66f3a3915757ca751b1f3 Change-Id: I42d90ff892b2a2a04c6650441b36e704b39c72a8 
Change-Id: I42d90ff892b2a2a04c6650441b36e704b39c72a8
Automatic translation import 2017-07-04T03:42:06+00:00 Abhisek Devkota ciwrl@lineageos.org 2017-07-04T03:42:06+00:00 93507dec66b01af5ffe5f79aeef9de8eb0488a44 Change-Id: I4f4995313643c30be86e7180d9cb89bed4b4276f 
Change-Id: I4f4995313643c30be86e7180d9cb89bed4b4276f
Automatic translation import 2017-06-23T05:40:40+00:00 Abhisek Devkota ciwrl@lineageos.org 2017-06-23T05:40:40+00:00 ac7f94d8074b485aa414d7af333d7c14fc778c12 Change-Id: I2167cab9b35149f7fc2b1f6581de427c910ede78 
Change-Id: I2167cab9b35149f7fc2b1f6581de427c910ede78
Automatic translation import 2017-06-04T01:42:34+00:00 Abhisek Devkota ciwrl@lineageos.org 2017-06-04T01:42:34+00:00 f471b06d64bcade27a87a2e5b266c5c6a72327c0 Change-Id: Iec2ecc09a3242d6e06abb4cd5b69c0a01c19403c 
Change-Id: Iec2ecc09a3242d6e06abb4cd5b69c0a01c19403c
Automatic translation import 2017-04-28T21:27:37+00:00 Abhisek Devkota ciwrl@lineageos.org 2017-04-28T21:27:37+00:00 76cc0f38cf9c4fd9bce3222dfb5aa665160876d9 Change-Id: I5ca8ef0d4afbad8b30ef9c576632c30956d1ecb5 
Change-Id: I5ca8ef0d4afbad8b30ef9c576632c30956d1ecb5
Automatic translation import 2017-02-20T00:52:17+00:00 Abhisek Devkota ciwrl@lineageos.org 2017-02-20T00:52:17+00:00 979a31b60e34b66189ad6783f70e61bf0b527aa8 Change-Id: I418361a27359f83e7a818fa64881394c2d4a9a2f 
Change-Id: I418361a27359f83e7a818fa64881394c2d4a9a2f