From 9c0024f455e41566579d963533a26048c7e2587f Mon Sep 17 00:00:00 2001
From: Andras Kloczl <andraskloczl@google.com>
Date: Tue, 9 Mar 2021 17:40:40 +0000
Subject: [PATCH] Prevent using invalid result uri during multi user image
 change

Test: manual
Bug: 172939189
Change-Id: I258c305f825da94474c8027828e3b9707b463699
Merged-In: I258c305f825da94474c8027828e3b9707b463699
Merged-In: I3e6f6200e82e86d6a2085652906ad2d0d44814f5
Merged-In: Id2e598878b3250e8b3590905c6def561e2437d55
Merged-In: I15e15ad88b768a5b679de32c5429d921d850a3cb
---
 .../android/settings/users/EditUserPhotoController.java  | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/com/android/settings/users/EditUserPhotoController.java b/src/com/android/settings/users/EditUserPhotoController.java
index c348b4aa0d9..0f67b181de3 100644
--- a/src/com/android/settings/users/EditUserPhotoController.java
+++ b/src/com/android/settings/users/EditUserPhotoController.java
@@ -38,6 +38,7 @@ import android.os.UserHandle;
 import android.os.UserManager;
 import android.provider.ContactsContract.DisplayPhoto;
 import android.provider.MediaStore;
+import android.util.EventLog;
 import android.support.v4.content.FileProvider;
 import android.util.Log;
 import android.view.Gravity;
@@ -114,6 +115,14 @@ public class EditUserPhotoController {
         }
         final Uri pictureUri = data != null && data.getData() != null
                 ? data.getData() : mTakePictureUri;
+
+        // Check if the result is a content uri
+        if (!ContentResolver.SCHEME_CONTENT.equals(pictureUri.getScheme())) {
+            Log.e(TAG, "Invalid pictureUri scheme: " + pictureUri.getScheme());
+            EventLog.writeEvent(0x534e4554, "172939189", -1, pictureUri.getPath());
+            return false;
+        }
+
         switch (requestCode) {
             case REQUEST_CODE_CROP_PHOTO:
                 onPhotoCropped(pictureUri, true);