a8e2bf9c77cd94f683979c849015b78ef0537802 - android_packages_services_Telecomm

commit	a8e2bf9c77cd94f683979c849015b78ef0537802	[log] [tgz]
author	Pranav Madapurmath <pmadapurmath@google.com>	Tue Jun 11 22:50:08 2024 -0700
committer	Pranav Madapurmath <pmadapurmath@google.com>	Wed Jun 12 05:54:31 2024 +0000
tree	a530533460a090b1ff298c9e1d6aa17c035cfb1a
parent	286781dfcb78d8b5c1a77f2390f5251f01943add [diff]

Resolve cross-user image exploit for conference status hints

Ensure that status hint image icon is validated for cross-user exploits.
Currently, there is no check for this so a conference call can display
an image from another user, exposing a vulnerability.

Bug: 329058967
Test: Manual with POC
Change-Id: Ib9d701398d25d021cdb9abacbaa5b175f62bee1d
Merged-In: Ib9d701398d25d021cdb9abacbaa5b175f62bee1d

src/com/android/server/telecom/ConnectionServiceWrapper.java[diff]

1 file changed

tree: a530533460a090b1ff298c9e1d6aa17c035cfb1a

libs/
proto/
res/
scripts/
src/
testapps/
tests/
.classpath
.project
Android.bp
AndroidManifest.xml
CleanSpec.mk
OWNERS
PREUPLOAD.cfg
proguard.flags
TEST_MAPPING