Gitiles
Code Review Sign In
review.blissroms.org / platform_packages_services_Telecomm / fb52342b4c1a6b879728df7b96ef38b82612313f
commitfb52342b4c1a6b879728df7b96ef38b82612313f[log] [tgz]
authorPranav Madapurmath <pmadapurmath@google.com>Wed Apr 05 21:36:12 2023 +0000
committerJackeagle <jackeagle102@gmail.com>Sun Dec 10 01:04:16 2023 -0500
tree2472f080c6d1067d76e00bd2d06b6df00b4fa65d
parent050e58fe34b5d1abc32c0a0adbe7ff8516622ee6 [diff]
Resolve account image icon profile boundary exploit.

Because Telecom grants the INTERACT_ACROSS_USERS permission, an exploit
is possible where the user can upload an image icon (belonging to
another user) via registering a phone account. This CL provides a
lightweight solution for parsing the image URI to detect profile
exploitation.

Fixes: 273502295
Fixes: 296915211
Test: Unit test to enforce successful/failure path
(cherry picked from commit d0d1d38e37de54e58a7532a0020582fbd7d476b7)
(cherry picked from commit e7d0ca3fe5be6e393f643f565792ea5e7ed05f48)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a604311f86ea8136ca2ac9f9ff0af7fa57ee3f42)
Merged-In: I2b6418f019a373ee9f02ba8683e5b694e7ab80a5
Change-Id: I2b6418f019a373ee9f02ba8683e5b694e7ab80a5
2 files changed
tree: 2472f080c6d1067d76e00bd2d06b6df00b4fa65d
  1. libs/
  2. proto/
  3. res/
  4. scripts/
  5. src/
  6. testapps/
  7. tests/
  8. .classpath
  9. .gitignore
  10. .project
  11. Android.bp
  12. AndroidManifest.xml
  13. CleanSpec.mk
  14. OWNERS
  15. PREUPLOAD.cfg
  16. proguard.flags
  17. TEST_MAPPING