Gitiles
Code Review Sign In
review.blissroms.org / platform_packages_services_Telecomm / refs/heads/arcadia-next
commit73a20462a42d582d5b91c7d83d06560939b4dc96[log] [tgz]
authorPranav Madapurmath <pmadapurmath@google.com>Thu Jan 02 15:04:45 2025 -0800
committerhmtheboy154 <buingoc67@gmail.com>Sun Apr 06 10:48:43 2025 -0400
tree52c7f3d280f49d4309aed664fdc735ac49f40552
parent854b41c62fcd761c22779808b6281192c6c558f5 [diff]
Resolve cross account user icon validation.

Resolves a vulnerability found with the cross account user icon
validation in StatusHint and TelecomServiceImpl (when registering a
phone account). The reporter found that an uri formatted as `userId%`
isn't parsed properly with the existing reference to Uri.encodedUserInfo.

Bug: 376461551
Bug: 376259166
Flag: EXEMPT bugfix
Test: atest TelecomServiceImplTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:4c046b179d4bdffa6d35f9637b0f4cc359a67451)
Merged-In: I7a5f64ae01eaf6a133ea04c51bd00dbe1653b74f
Change-Id: I7a5f64ae01eaf6a133ea04c51bd00dbe1653b74f
2 files changed
tree: 52c7f3d280f49d4309aed664fdc735ac49f40552
  1. libs/
  2. proto/
  3. res/
  4. scripts/
  5. src/
  6. testapps/
  7. tests/
  8. .classpath
  9. .gitignore
  10. .project
  11. Android.bp
  12. AndroidManifest.xml
  13. CleanSpec.mk
  14. OWNERS
  15. PREUPLOAD.cfg
  16. proguard.flags
  17. TEST_MAPPING