e7d0ca3fe5be6e393f643f565792ea5e7ed05f48 - android_packages_services_Telecomm

commit	e7d0ca3fe5be6e393f643f565792ea5e7ed05f48	[log] [tgz]
author	Pranav Madapurmath <pmadapurmath@google.com>	Wed Apr 05 21:36:12 2023 +0000
committer	Pranav Madapurmath <pmadapurmath@google.com>	Fri Apr 07 22:41:11 2023 +0000
tree	ca1ccdc62970013c368fd06aac23f343e16affa2
parent	3aa15709a895ff7ce61bd64c38531adac3a609f9 [diff]

Resolve account image icon profile boundary exploit.

Because Telecom grants the INTERACT_ACROSS_USERS permission, an exploit
is possible where the user can upload an image icon (belonging to
another user) via registering a phone account. This CL provides a
lightweight solution for parsing the image URI to detect profile
exploitation.

Fixes: 273502295
Test: Unit test to enforce successful/failure path
Change-Id: I2b6418f019a373ee9f02ba8683e5b694e7ab80a5
(cherry picked from commit d0d1d38e37de54e58a7532a0020582fbd7d476b7)
Merged-In: I2b6418f019a373ee9f02ba8683e5b694e7ab80a5

src/com/android/server/telecom/TelecomServiceImpl.java[diff]
tests/src/com/android/server/telecom/tests/TelecomServiceImplTest.java[diff]

2 files changed

tree: ca1ccdc62970013c368fd06aac23f343e16affa2

libs/
proto/
res/
scripts/
src/
testapps/
tests/
.classpath
.gitignore
.project
Android.bp
AndroidManifest.xml
CleanSpec.mk
OWNERS
PREUPLOAD.cfg
proguard.flags
TEST_MAPPING