Gitiles
Code Review Sign In
review.blissroms.org / platform_packages_services_Telecomm / 0ed0ea1e3da175f0dac03d6fd59de6fd4cfc5872
commit0ed0ea1e3da175f0dac03d6fd59de6fd4cfc5872[log] [tgz]
authorPranav Madapurmath <pmadapurmath@google.com>Tue Jun 11 22:50:08 2024 -0700
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>Fri Jul 19 20:25:00 2024 +0000
tree5c941056c9252ab64349b06c6593105542de4f4a
parent8cf4b262bf07ba2a1d4a6acee3efb495f6a7e910 [diff]
Resolve cross-user image exploit for conference status hints

Ensure that status hint image icon is validated for cross-user exploits.
Currently, there is no check for this so a conference call can display
an image from another user, exposing a vulnerability.

Bug: 329058967
Test: Manual with POC
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:8c619f58c00047ab0ec687cd231bf93a08db6d55)
Merged-In: Ib9d701398d25d021cdb9abacbaa5b175f62bee1d
Change-Id: Ib9d701398d25d021cdb9abacbaa5b175f62bee1d
1 file changed
tree: 5c941056c9252ab64349b06c6593105542de4f4a
  1. flags/
  2. libs/
  3. proto/
  4. res/
  5. scripts/
  6. src/
  7. testapps/
  8. tests/
  9. .classpath
  10. .gitignore
  11. .project
  12. Android.bp
  13. AndroidManifest.xml
  14. AndroidManifestLib.xml
  15. CleanSpec.mk
  16. OWNERS
  17. PREUPLOAD.cfg
  18. proguard.flags
  19. TEST_MAPPING