8c619f58c00047ab0ec687cd231bf93a08db6d55 - platform/packages/services/Telecomm

commit	8c619f58c00047ab0ec687cd231bf93a08db6d55	[log] [tgz]
author	Pranav Madapurmath <pmadapurmath@google.com>	Tue Jun 11 22:50:08 2024 -0700
committer	Pranav Madapurmath <pmadapurmath@google.com>	Tue Jun 11 22:50:08 2024 -0700
tree	627f14a2d8c0d942221331684fc54fab2e619cd4
parent	a1e232b188e0e0429c2370f9d269a7d5637077fe [diff]

Resolve cross-user image exploit for conference status hints

Ensure that status hint image icon is validated for cross-user exploits.
Currently, there is no check for this so a conference call can display
an image from another user, exposing a vulnerability.

Bug: 329058967
Test: Manual with POC
Change-Id: Ib9d701398d25d021cdb9abacbaa5b175f62bee1d

src/com/android/server/telecom/ConnectionServiceWrapper.java[diff]

1 file changed

tree: 627f14a2d8c0d942221331684fc54fab2e619cd4

flags/
libs/
proto/
res/
scripts/
src/
testapps/
tests/
.classpath
.gitignore
.project
Android.bp
AndroidManifest.xml
AndroidManifestLib.xml
CleanSpec.mk
OWNERS
PREUPLOAD.cfg
proguard.flags
TEST_MAPPING