Resolve custom printer icon boundary exploit. - platform/frameworks/base

diff options

author	kumarashishg <kumarashishg@google.com>	2023-07-17 12:01:18 +0000
committer	Ashish Kumar Gupta <kumarashishg@google.com>	2023-07-18 15:31:59 +0000
commit	ab9b96c86406225a35772863fc6913005280f36c (patch)
tree	ba8cfd98383ad599c0b5fcda6823ffdc4ee897c6 /api/api.go
parent	2dfac30c7eb206ce402a2268cfff6967cf19f0ae (diff)

Resolve custom printer icon boundary exploit.

Because Settings grants the INTERACT_ACROSS_USERS_FULL permission, an exploit is possible where the third party print plugin service can pass other's User Icon URI. This CL provides a lightweight solution for parsing the image URI to detect profile exploitation. Bug: 281525042 Test: Build and flash the code. Try to reproduce the issue with mentioned steps in the bug Change-Id: Iaaa6fe2a627a265c4d1d7b843a033a132e1fe2ce Merged-In: Iaaa6fe2a627a265c4d1d7b843a033a132e1fe2ce

Diffstat (limited to 'api/api.go')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: