commit 413076efd674d5c558cd754253082fb0a78e8b5c
author Pranav Madapurmath <pmadapurmath@google.com> Thu Jun 13 18:39:16 2024 +0000
committer Android (Google) Code Review <android-gerrit@google.com> Thu Jun 13 18:39:16 2024 +0000
tree 02a8bbe7e6e46fefdf887158c267d7fbe33ec260
parent 06e6d4b3dcd299274f33b59180ddf5d5991a1abf
parent 8c619f58c00047ab0ec687cd231bf93a08db6d55

Merge "Resolve cross-user image exploit for conference status hints" into main

src/com/android/server/telecom/ConnectionServiceWrapper.java

diff --git a/src/com/android/server/telecom/ConnectionServiceWrapper.java b/src/com/android/server/telecom/ConnectionServiceWrapper.java
index 79ce5a3..c3c0c1c 100644
--- a/src/com/android/server/telecom/ConnectionServiceWrapper.java
+++ b/src/com/android/server/telecom/ConnectionServiceWrapper.java
@@ -167,10 +167,17 @@
                 ParcelableConference conference, Session.Info sessionInfo) {
             Log.startSession(sessionInfo, LogUtils.Sessions.CSW_HANDLE_CREATE_CONNECTION_COMPLETE,
                     mPackageAbbreviation);
+            UserHandle callingUserHandle = Binder.getCallingUserHandle();
             long token = Binder.clearCallingIdentity();
             try {
                 synchronized (mLock) {
                     logIncoming("handleCreateConferenceComplete %s", callId);
+                    // Check status hints image for cross user access
+                    if (conference.getStatusHints() != null) {
+                        Icon icon = conference.getStatusHints().getIcon();
+                        conference.getStatusHints().setIcon(StatusHints.
+                                validateAccountIconUserBoundary(icon, callingUserHandle));
+                    }
                     Call call = mCallIdMapper.getCall(callId);
                     if (mScheduledFutureMap.containsKey(call)) {
                         ScheduledFuture<?> existingTimeout = mScheduledFutureMap.get(call);