commit | 0947ef7f860c5f275689524ed0b8d3e6c4e5fe57 | [log] [tgz] |
---|---|---|
author | Pranav Madapurmath <pmadapurmath@google.com> | Thu Jan 02 14:58:50 2025 -0800 |
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | Mon Jan 13 11:44:42 2025 -0800 |
tree | ea772c3cbed84843ba00a72112e6807e919c73bd | |
parent | f79cc5227ff321ebaa588ac6cb36da70e8cbe2cf [diff] |
Resolve cross account user icon validation. Resolves a vulnerability found with the cross account user icon validation in StatusHint and TelecomServiceImpl (when registering a phone account). The reporter found that an uri formatted as `userId%` isn't parsed properly with the existing reference to Uri.encodedUserInfo. Bug: 376461551 Bug: 376259166 Flag: EXEMPT bugfix Test: atest TelecomServiceImplTest (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:9a260d5e11ce9b4b794079baaee8ecba96d5116b) Merged-In: I25614ead889501f4553ed2b42b366e09a47b0c9f Change-Id: I25614ead889501f4553ed2b42b366e09a47b0c9f