Resolve custom printer icon boundary exploit. - platform/frameworks/base

diff options

author	kumarashishg <kumarashishg@google.com>	2023-07-17 12:01:18 +0000
committer	Ashish Kumar Gupta <kumarashishg@google.com>	2023-07-18 15:25:50 +0000
commit	9adc7202d833890753e0a1ce919e75aacee1a92b (patch)
tree	9765ef4434f18817ce92e8ddc27ee2d404ccc44d /libs/hwui/FrameInfoVisualizer.cpp
parent	cdb758450b0dbc2398b3facadf8486ef98f2c583 (diff)

Resolve custom printer icon boundary exploit.

Because Settings grants the INTERACT_ACROSS_USERS_FULL permission, an exploit is possible where the third party print plugin service can pass other's User Icon URI. This CL provides a lightweight solution for parsing the image URI to detect profile exploitation. Bug: 281525042 Test: Build and flash the code. Try to reproduce the issue with mentioned steps in the bug Change-Id: Iaaa6fe2a627a265c4d1d7b843a033a132e1fe2ce Merged-In: Iaaa6fe2a627a265c4d1d7b843a033a132e1fe2ce

Diffstat (limited to 'libs/hwui/FrameInfoVisualizer.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: