Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / packages / services / Telecomm / refs/heads/odm/dev/target/13/fp5
commit677428ef049d745a1aa4330d50b4b865d3980de6[log] [tgz]
authorPranav Madapurmath <pmadapurmath@google.com>Wed Apr 05 21:36:12 2023 +0000
committerandroid-t1 <android-t1@t2mobile.com>Wed Nov 29 10:31:38 2023 +0800
tree0ce8c56cd7fe2f45b7b4ab9c7355835c5b70d245
parent59104a2e3076dca799477e76480d02c621118a44 [diff]
Resolve account image icon profile boundary exploit.

Because Telecom grants the INTERACT_ACROSS_USERS permission, an exploit
is possible where the user can upload an image icon (belonging to
another user) via registering a phone account. This CL provides a
lightweight solution for parsing the image URI to detect profile
exploitation.

Fixes: 273502295
Fixes: 296915211
Test: Unit test to enforce successful/failure path
(cherry picked from commit d0d1d38e37de54e58a7532a0020582fbd7d476b7)
(cherry picked from commit e7d0ca3fe5be6e393f643f565792ea5e7ed05f48)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a604311f86ea8136ca2ac9f9ff0af7fa57ee3f42)
Merged-In: I2b6418f019a373ee9f02ba8683e5b694e7ab80a5
Change-Id: I2b6418f019a373ee9f02ba8683e5b694e7ab80a5
2 files changed
tree: 0ce8c56cd7fe2f45b7b4ab9c7355835c5b70d245
  1. libs/
  2. proto/
  3. res/
  4. scripts/
  5. src/
  6. testapps/
  7. tests/
  8. .classpath
  9. .project
  10. Android.bp
  11. AndroidManifest.xml
  12. CleanSpec.mk
  13. OWNERS
  14. PREUPLOAD.cfg
  15. proguard.flags
  16. TEST_MAPPING