Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_services_Telecomm / 4ab4d3dd02671d3e36d83a8de1288364ed576d04
commit4ab4d3dd02671d3e36d83a8de1288364ed576d04[log] [tgz]
authorPranav Madapurmath <pmadapurmath@google.com>Thu Jan 02 15:04:45 2025 -0800
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>Mon Jan 13 11:46:03 2025 -0800
treed658c9a111e72934565bcea8a2eda6f1cbcbfe66
parent2977b43aaeb56140e19b2fb06cb7fd97d101018f [diff]
Resolve cross account user icon validation.

Resolves a vulnerability found with the cross account user icon
validation in StatusHint and TelecomServiceImpl (when registering a
phone account). The reporter found that an uri formatted as `userId%`
isn't parsed properly with the existing reference to Uri.encodedUserInfo.

Bug: 376461551
Bug: 376259166
Flag: EXEMPT bugfix
Test: atest TelecomServiceImplTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:5f1be4f4b02ded791ad72725c4eef44287b08b1b)
Merged-In: I7a5f64ae01eaf6a133ea04c51bd00dbe1653b74f
Change-Id: I7a5f64ae01eaf6a133ea04c51bd00dbe1653b74f
2 files changed
tree: d658c9a111e72934565bcea8a2eda6f1cbcbfe66
  1. flags/
  2. libs/
  3. proto/
  4. res/
  5. scripts/
  6. src/
  7. testapps/
  8. tests/
  9. .classpath
  10. .gitignore
  11. .project
  12. Android.bp
  13. AndroidManifest.xml
  14. AndroidManifestLib.xml
  15. CleanSpec.mk
  16. OWNERS
  17. PREUPLOAD.cfg
  18. proguard.flags
  19. TEST_MAPPING