commit | 4bff4ffdf1028c4ae4d09921f35e309567d94c32 | [log] [tgz] |
---|---|---|
author | Cassie Wang <cassiewang@google.com> | Fri Jul 16 13:03:19 2021 -0700 |
committer | Cassie Wang <cassiewang@google.com> | Mon Jul 19 16:17:29 2021 -0700 |
tree | d60deda8c8669e94c176be79185ec9c03ce97c60 | |
parent | 1dd1ddc9914ad290208b42a251cf58c39b980109 [diff] |
Ensure calling user is the same as requested user. This prevents any cross-user requests. Cross-user requests are already not allowed, but due to a bug elsewhere in the code. This intentionally handles the case and also throws a SecurityException. Bug: 193903221 Test: presubmit Test: manually checked cross-user requests get an exception. Change-Id: I5bd867b86b972452daa2d8253f3c19f059a8a4b3