Google Git
Sign in
android / platform / packages / services / Telecomm / 685c2fc2f6b40bb2113db77da270c7b7220791c4
commit685c2fc2f6b40bb2113db77da270c7b7220791c4[log] [tgz]
authorPranav Madapurmath <pmadapurmath@google.com>Thu Jan 02 15:04:45 2025 -0800
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>Thu Jan 09 12:32:30 2025 -0800
tree3e33e671134b102b5df99ca7489310726ba5ffb4
parent065ae3cd2fd76c1c5ebb9ca1d5e8e7b4267c06dc [diff]
Resolve cross account user icon validation.

Resolves a vulnerability found with the cross account user icon
validation in StatusHint and TelecomServiceImpl (when registering a
phone account). The reporter found that an uri formatted as `userId%`
isn't parsed properly with the existing reference to Uri.encodedUserInfo.

Bug: 376461551
Bug: 376259166
Flag: EXEMPT bugfix
Test: atest TelecomServiceImplTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:2e2fcd5c0ee77febd2c42282f747617193ca7b84)
Merged-In: I7a5f64ae01eaf6a133ea04c51bd00dbe1653b74f
Change-Id: I7a5f64ae01eaf6a133ea04c51bd00dbe1653b74f
2 files changed
tree: 3e33e671134b102b5df99ca7489310726ba5ffb4
  1. flags/
  2. libs/
  3. proto/
  4. res/
  5. scripts/
  6. src/
  7. testapps/
  8. tests/
  9. .classpath
  10. .gitignore
  11. .project
  12. Android.bp
  13. AndroidManifest.xml
  14. AndroidManifestLib.xml
  15. CleanSpec.mk
  16. OWNERS
  17. PREUPLOAD.cfg
  18. proguard.flags
  19. TEST_MAPPING