5f1be4f4b02ded791ad72725c4eef44287b08b1b - android_packages_services_Telecomm

commit	5f1be4f4b02ded791ad72725c4eef44287b08b1b	[log] [tgz]
author	Pranav Madapurmath <pmadapurmath@google.com>	Thu Jan 02 15:04:45 2025 -0800
committer	Pranav Madapurmath <pmadapurmath@google.com>	Fri Jan 03 12:47:36 2025 -0800
tree	cdaa662c11ef6f5db43a3719a12b34b7ba5de723
parent	35c9a70ffe5fd6674e0e2f4834d116c7184bd943 [diff]

Resolve cross account user icon validation.

Resolves a vulnerability found with the cross account user icon
validation in StatusHint and TelecomServiceImpl (when registering a
phone account). The reporter found that an uri formatted as `userId%`
isn't parsed properly with the existing reference to Uri.encodedUserInfo.

Bug: 376461551
Bug: 376259166
Flag: EXEMPT bugfix
Test: atest TelecomServiceImplTest
Change-Id: I7a5f64ae01eaf6a133ea04c51bd00dbe1653b74f

src/com/android/server/telecom/TelecomServiceImpl.java[diff]
tests/src/com/android/server/telecom/tests/TelecomServiceImplTest.java[diff]

2 files changed

tree: cdaa662c11ef6f5db43a3719a12b34b7ba5de723

flags/
libs/
proto/
res/
scripts/
src/
testapps/
tests/
.classpath
.gitignore
.project
Android.bp
AndroidManifest.xml
AndroidManifestLib.xml
CleanSpec.mk
OWNERS
PREUPLOAD.cfg
proguard.flags
TEST_MAPPING