Resolve cross account user icon validation. - platform/frameworks/base

diff options

author	Pranav Madapurmath <pmadapurmath@google.com>	2025-01-02 14:58:50 -0800
committer	Android Build Coastguard Worker <android-build-coastguard-worker@google.com>	2025-01-13 11:44:42 -0800
commit	0947ef7f860c5f275689524ed0b8d3e6c4e5fe57 (patch)
tree	ea772c3cbed84843ba00a72112e6807e919c73bd /libs/androidfw/StringPool.cpp
parent	f79cc5227ff321ebaa588ac6cb36da70e8cbe2cf (diff)

Resolve cross account user icon validation.

Resolves a vulnerability found with the cross account user icon validation in StatusHint and TelecomServiceImpl (when registering a phone account). The reporter found that an uri formatted as `userId%` isn't parsed properly with the existing reference to Uri.encodedUserInfo. Bug: 376461551 Bug: 376259166 Flag: EXEMPT bugfix Test: atest TelecomServiceImplTest (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:9a260d5e11ce9b4b794079baaee8ecba96d5116b) Merged-In: I25614ead889501f4553ed2b42b366e09a47b0c9f Change-Id: I25614ead889501f4553ed2b42b366e09a47b0c9f

Diffstat (limited to 'libs/androidfw/StringPool.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: