Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_services_Telecomm / ffeadbdd23db1b578100b3e664e4233c7e3fafd4
commitffeadbdd23db1b578100b3e664e4233c7e3fafd4[log] [tgz]
authorGrant Menke <grantmenke@google.com>Thu Jan 16 15:00:42 2025 -0800
committerGrant Menke <grantmenke@google.com>Wed Jan 22 10:42:07 2025 -0800
treeac7a8c19fd439ac4fe7eb17356a906798afd9e42
parent6d2711f73eaebeecb9eb2cf621bf6203c3af22cd [diff]
Resolve cross account user ringtone validation.

Resolves a vulnerability found with the lack of cross account user ringtone
validation in RingtoneFactory. The reporter found that a ringtone file owned by a different user can be accessed and played by the user who does not own that file.

Bug: 356604577
Flag: EXEMPT Critical CVE bugfix
Test: RingtoneFactoryTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1c7fbd70da65f7b2dd561af8ec9f94b81acf5baa)
Merged-In: Ie28e8d0890086caada561ed27dd660836e6aa6bb
Change-Id: Ie28e8d0890086caada561ed27dd660836e6aa6bb
2 files changed
tree: ac7a8c19fd439ac4fe7eb17356a906798afd9e42
  1. libs/
  2. proto/
  3. res/
  4. scripts/
  5. src/
  6. testapps/
  7. tests/
  8. .classpath
  9. .gitignore
  10. .project
  11. Android.bp
  12. AndroidManifest.xml
  13. CleanSpec.mk
  14. OWNERS
  15. PREUPLOAD.cfg
  16. proguard.flags
  17. TEST_MAPPING