commit | 7ba8c8f63f1b13b127c871749314a242ff022ae2 | [log] [tgz] |
---|---|---|
author | Pranav Madapurmath <pmadapurmath@google.com> | Thu Jan 02 14:58:50 2025 -0800 |
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | Thu Jan 09 12:30:44 2025 -0800 |
tree | 23463e0947adc249c9612cc961db8af831b6e33e | |
parent | 5916a3de10fa9ca6a9b31f489be1838c0a1613f4 [diff] |
Resolve cross account user icon validation. Resolves a vulnerability found with the cross account user icon validation in StatusHint and TelecomServiceImpl (when registering a phone account). The reporter found that an uri formatted as `userId%` isn't parsed properly with the existing reference to Uri.encodedUserInfo. Bug: 376461551 Bug: 376259166 Flag: EXEMPT bugfix Test: atest TelecomServiceImplTest (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:20efc40abbfbb47de5a5a5f959c1db5e4449594e) Merged-In: I25614ead889501f4553ed2b42b366e09a47b0c9f Change-Id: I25614ead889501f4553ed2b42b366e09a47b0c9f