Google Git
Sign in
android / platform / packages / services / Telephony / 76467ce5606ca15a23125e1979ada74ba843cd6a
commit76467ce5606ca15a23125e1979ada74ba843cd6a[log] [tgz]
authorThomas Stuart <tjstuart@google.com>Wed Mar 19 21:05:03 2025 +0000
committerThomas Stuart <tjstuart@google.com>Tue May 20 15:55:48 2025 -0700
tree34f8911a6faa829d02752b1e238559b553e33944
parent9be016a6f4030dc3965971c40bf3f8c6d7db2450 [diff]
fix: Use permission check for contact URI validation

Changed the validation logic in onActivityResult for contact data.
Instead of comparing user IDs, the code now verifies if the caller
has explicit read permission for the returned URI using
checkContentUriPermission.

This ensures proper access control based on granted permissions.
Throws SecurityException on denial for better error reporting.

Flag: EXEMPT security fix
Bug: 337785563
Test: manual - steps for manual test
      1. remove sim
      2. sign into personal/test acct
      3. create a pin for the personal acct
      4. create a work profile via adb cmd
      5. add pin for work profile
      6. add a work profile contact
      7. open PoC app
Change-Id: Ic5634fdc08c817a8ddac9eee7310d808782e2c08
(cherry picked from commit 9eb57535ecb11f271ace6e138b84594474a6e244)
1 file changed
tree: 34f8911a6faa829d02752b1e238559b553e33944
  1. assets/
  2. client/
  3. ecc/
  4. res/
  5. src/
  6. testapps/
  7. tests/
  8. utils/
  9. Android.bp
  10. AndroidManifest.xml
  11. CleanSpec.mk
  12. lint.xml
  13. OWNERS
  14. PREUPLOAD.cfg
  15. proguard.flags
  16. TEST_MAPPING