Resolve custom printer icon boundary exploit. - platform/frameworks/base

diff options

author	kumarashishg <kumarashishg@google.com>	2023-07-17 12:01:18 +0000
committer	Ashish Kumar Gupta <kumarashishg@google.com>	2023-07-18 15:31:13 +0000
commit	39f5737626ca644f41fda890c12518ce51875835 (patch)
tree	c1ccd025c92ecf1eaaa0ff7605883b08e0a3de10 /libs/androidfw/ZipFileRO.cpp
parent	0ebf094b7cdbd07df2dc0758cfdd1e10a01a22e2 (diff)

Resolve custom printer icon boundary exploit.

Because Settings grants the INTERACT_ACROSS_USERS_FULL permission, an exploit is possible where the third party print plugin service can pass other's User Icon URI. This CL provides a lightweight solution for parsing the image URI to detect profile exploitation. Bug: 281525042 Test: Build and flash the code. Try to reproduce the issue with mentioned steps in the bug Change-Id: Iaaa6fe2a627a265c4d1d7b843a033a132e1fe2ce Merged-In: Iaaa6fe2a627a265c4d1d7b843a033a132e1fe2ce

Diffstat (limited to 'libs/androidfw/ZipFileRO.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: