Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_services_Telecomm / 1c7fbd70da65f7b2dd561af8ec9f94b81acf5baa
commit1c7fbd70da65f7b2dd561af8ec9f94b81acf5baa[log] [tgz]
authorGrant Menke <grantmenke@google.com>Thu Jan 16 15:00:42 2025 -0800
committerGrant Menke <grantmenke@google.com>Fri Jan 17 15:06:15 2025 -0800
tree3be79cb073f2c0147a5b31415f92345fafd4c9d4
parent14e8227996e291237a9fe2388648d5544ef6b3b7 [diff]
Resolve cross account user ringtone validation.

Resolves a vulnerability found with the lack of cross account user ringtone
validation in RingtoneFactory. The reporter found that a ringtone file owned by a different user can be accessed and played by the user who does not own that file.

Bug: 356604577
Flag: EXEMPT Critical CVE bugfix
Test: RingtoneFactoryTest
Change-Id: Ie28e8d0890086caada561ed27dd660836e6aa6bb
3 files changed
tree: 3be79cb073f2c0147a5b31415f92345fafd4c9d4
  1. flags/
  2. libs/
  3. proto/
  4. res/
  5. scripts/
  6. src/
  7. testapps/
  8. tests/
  9. .classpath
  10. .gitignore
  11. .project
  12. Android.bp
  13. AndroidManifest.xml
  14. AndroidManifestLib.xml
  15. CleanSpec.mk
  16. OWNERS
  17. PREUPLOAD.cfg
  18. proguard.flags
  19. TEST_MAPPING