Resolve custom printer icon boundary exploit. - platform/frameworks/base

diff options

author	kumarashishg <kumarashishg@google.com>	2023-07-17 12:01:18 +0000
committer	Ashish Kumar Gupta <kumarashishg@google.com>	2023-07-18 15:28:52 +0000
commit	f83f592d6d01271ba062065f072819dffa3b8976 (patch)
tree	77cced13c6ed680c30739219d9b6902e32aa1679 /libs/androidfw/StringPool.cpp
parent	31ecd6ad45c7d0e4409e91fcf00b6857c34f806e (diff)

Resolve custom printer icon boundary exploit.

Because Settings grants the INTERACT_ACROSS_USERS_FULL permission, an exploit is possible where the third party print plugin service can pass other's User Icon URI. This CL provides a lightweight solution for parsing the image URI to detect profile exploitation. Bug: 281525042 Test: Build and flash the code. Try to reproduce the issue with mentioned steps in the bug Change-Id: Iaaa6fe2a627a265c4d1d7b843a033a132e1fe2ce Merged-In: Iaaa6fe2a627a265c4d1d7b843a033a132e1fe2ce

Diffstat (limited to 'libs/androidfw/StringPool.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: