Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / c533b566ff60041d4964765ce09a3da78e8866ca
commitc533b566ff60041d4964765ce09a3da78e8866ca[log] [tgz]
authorFyodor Kupolov <fkupolov@google.com>Fri Apr 01 14:37:07 2016 -0700
committerFyodor Kupolov <fkupolov@google.com>Wed Apr 06 14:53:04 2016 -0700
treef607cd7f0c0c179ccf5703b326e4368369e0668c
parent50e229f1f45a1550ba13ec3f81e864630fc3dc1c [diff]
Lock down access to getProfiles for 3P apps

MANAGE_USERS permission is not required if calling userId is the same as
requested user id. Theoretically this allows any 3P app to read UserInfo
state including PII fields like name and icon. The change clears PII fields
if the caller doesn't have MANAGE_USERS permission.

Bug: 27705805
Change-Id: Ic69c8cc6aafb7ac72b4fc2b9691cb8e4bef3fb2c
1 file changed
tree: f607cd7f0c0c179ccf5703b326e4368369e0668c
  1. api/
  2. cmds/
  3. core/
  4. data/
  5. docs/
  6. drm/
  7. graphics/
  8. include/
  9. keystore/
  10. libs/
  11. location/
  12. media/
  13. native/
  14. nfc-extras/
  15. obex/
  16. opengl/
  17. packages/
  18. proto/
  19. rs/
  20. samples/
  21. sax/
  22. services/
  23. telecomm/
  24. telephony/
  25. test-runner/
  26. tests/
  27. tools/
  28. wifi/
  29. Android.mk
  30. CleanSpec.mk
  31. MODULE_LICENSE_APACHE2
  32. NOTICE
  33. preloaded-classes