Google Git
Sign in
android / platform / frameworks / base / 74b03835a7fac15e854d08159922418c99e27e77
commit74b03835a7fac15e854d08159922418c99e27e77[log] [tgz]
authorkumarashishg <kumarashishg@google.com>Mon Jul 17 12:01:18 2023 +0000
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>Thu Jan 11 04:45:53 2024 +0000
tree09a84ab18a051fc74c8fe26b9bfd2bdb300176a3
parent3b7fa771d7156f2eef4b4eb0d3f5054d416ca3ea [diff]
Resolve custom printer icon boundary exploit.

Because Settings grants the INTERACT_ACROSS_USERS_FULL permission, an exploit is possible where the third party print plugin service can pass other's User Icon URI. This CL provides a lightweight solution for parsing the image URI to detect profile exploitation.

Bug: 281525042
Test: Build and flash the code. Try to reproduce the issue with
mentioned steps in the bug
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0e0693ca9cb408d0dc82f6c6b3feb453fc8ddd83)
Merged-In: Iaaa6fe2a627a265c4d1d7b843a033a132e1fe2ce
Change-Id: Iaaa6fe2a627a265c4d1d7b843a033a132e1fe2ce
1 file changed
tree: 09a84ab18a051fc74c8fe26b9bfd2bdb300176a3
  1. .prebuilt_info/
  2. apct-tests/
  3. apex/
  4. api/
  5. boot/
  6. cmds/
  7. config/
  8. core/
  9. data/
  10. docs/
  11. drm/
  12. errorprone/
  13. graphics/
  14. identity/
  15. keystore/
  16. libs/
  17. location/
  18. lowpan/
  19. media/
  20. mime/
  21. mms/
  22. native/
  23. nfc-extras/
  24. obex/
  25. opengl/
  26. packages/
  27. proto/
  28. rs/
  29. samples/
  30. sax/
  31. services/
  32. startop/
  33. telecomm/
  34. telephony/
  35. test-base/
  36. test-legacy/
  37. test-mock/
  38. test-runner/
  39. tests/
  40. tools/
  41. wifi/
  42. .clang-format
  43. .gitignore
  44. .mailmap
  45. Android.bp
  46. Android.mk
  47. ApiDocs.bp
  48. BATTERY_STATS_OWNERS
  49. CleanSpec.mk
  50. framework-jarjar-rules.txt
  51. METADATA
  52. MODULE_LICENSE_APACHE2
  53. MULTIUSER_OWNERS
  54. NOTICE
  55. OWNERS
  56. OWNERS.md
  57. pathmap.mk
  58. PREUPLOAD.cfg
  59. ProtoLibraries.bp
  60. StubLibraries.bp
  61. TEST_MAPPING
  62. TestProtoLibraries.bp
  63. ZYGOTE_OWNERS