Merge "Resolve cross account user icon validation." into sc-dev am: 9500429c09 am: 01e8b84ac9 am: a44093b9a8 am: 997f3dc238 am: c4739d27d2

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/31157005 Change-Id: I2e95e99569aba9de61b8192c8475c03a969c1c21 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
author: Pranav Madapurmath <pmadapurmath@google.com> 2025-01-07 15:57:22 -0800
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2025-01-07 15:57:22 -0800
commit: c55006269b39043c352131f9a5bb68017144ccb4 (patch)
tree: 261b6d3046caa815ce06eed8154521600e8c082a
parent: 87a04e1567f250d62cb680c755fd6fdd6c19dc3e (diff)
parent: c4739d27d2c22fa5a725ae53b3278594125215e9 (diff)
1 files changed, 28 insertions, 6 deletions
diff --git a/telecomm/java/android/telecom/StatusHints.java b/telecomm/java/android/telecom/StatusHints.java
index 5f0c8d729e74..31b84ff04b85 100644
--- a/telecomm/java/android/telecom/StatusHints.java
+++ b/telecomm/java/android/telecom/StatusHints.java
@@ -27,6 +27,7 @@ import android.os.Bundle;
 import android.os.Parcel;
 import android.os.Parcelable;
 import android.os.UserHandle;
+import android.util.Log;
 
 import com.android.internal.annotations.VisibleForTesting;
 
@@ -40,6 +41,7 @@ public final class StatusHints implements Parcelable {
     private final CharSequence mLabel;
     private Icon mIcon;
     private final Bundle mExtras;
+    private static final String TAG = StatusHints.class.getSimpleName();
 
     /**
      * @hide
@@ -150,17 +152,37 @@ public final class StatusHints implements Parcelable {
         // incompatible types.
         if (icon != null && (icon.getType() == Icon.TYPE_URI
                 || icon.getType() == Icon.TYPE_URI_ADAPTIVE_BITMAP)) {
-            String encodedUser = icon.getUri().getEncodedUserInfo();
-            // If there is no encoded user, the URI is calling into the calling user space
-            if (encodedUser != null) {
-                int userId = Integer.parseInt(encodedUser);
-                // Do not try to save the icon if the user id isn't in the calling user space.
-                if (userId != callingUserHandle.getIdentifier()) return null;
+            int callingUserId = callingUserHandle.getIdentifier();
+            int requestingUserId = getUserIdFromAuthority(
+                    icon.getUri().getAuthority(), callingUserId);
+            if (callingUserId != requestingUserId) {
+                return null;
             }
+
         }
         return icon;
     }
 
+    /**
+     * Derives the user id from the authority or the default user id if none could be found.
+     * @param auth
+     * @param defaultUserId
+     * @return The user id from the given authority.
+     * @hide
+     */
+    public static int getUserIdFromAuthority(String auth, int defaultUserId) {
+        if (auth == null) return defaultUserId;
+        int end = auth.lastIndexOf('@');
+        if (end == -1) return defaultUserId;
+        String userIdString = auth.substring(0, end);
+        try {
+            return Integer.parseInt(userIdString);
+        } catch (NumberFormatException e) {
+            Log.w(TAG, "Error parsing userId." + e);
+            return UserHandle.USER_NULL;
+        }
+    }
+
     @Override
     public void writeToParcel(Parcel out, int flags) {
         out.writeCharSequence(mLabel);
author	Pranav Madapurmath <pmadapurmath@google.com>	2025-01-07 15:57:22 -0800
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2025-01-07 15:57:22 -0800
commit	c55006269b39043c352131f9a5bb68017144ccb4 (patch)
tree	261b6d3046caa815ce06eed8154521600e8c082a
parent	87a04e1567f250d62cb680c755fd6fdd6c19dc3e (diff)
parent	c4739d27d2c22fa5a725ae53b3278594125215e9 (diff)