Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_services_Telecomm / cfc855ba46db6c18d7948e563870423610deae71
commitcfc855ba46db6c18d7948e563870423610deae71[log] [tgz]
authorGrant Menke <grantmenke@google.com>Thu Jan 16 15:00:42 2025 -0800
committerGrant Menke <grantmenke@google.com>Wed Jan 22 10:44:05 2025 -0800
tree2f7819a26c4b26825ac8e9bc204c60be93f22e11
parent0e7ac12f099b2a930f2298eec879078d89673657 [diff]
Resolve cross account user ringtone validation.

Resolves a vulnerability found with the lack of cross account user ringtone
validation in RingtoneFactory. The reporter found that a ringtone file owned by a different user can be accessed and played by the user who does not own that file.

Bug: 356604577
Flag: EXEMPT Critical CVE bugfix
Test: RingtoneFactoryTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1c7fbd70da65f7b2dd561af8ec9f94b81acf5baa)
Merged-In: Ie28e8d0890086caada561ed27dd660836e6aa6bb
Change-Id: Ie28e8d0890086caada561ed27dd660836e6aa6bb
2 files changed
tree: 2f7819a26c4b26825ac8e9bc204c60be93f22e11
  1. libs/
  2. proto/
  3. res/
  4. scripts/
  5. src/
  6. testapps/
  7. tests/
  8. .classpath
  9. .gitignore
  10. .project
  11. Android.bp
  12. AndroidManifest.xml
  13. CleanSpec.mk
  14. OWNERS
  15. PREUPLOAD.cfg
  16. proguard.flags
  17. TEST_MAPPING