Resolve custom printer icon boundary exploit. - platform/frameworks/base

diff options

author	kumarashishg <kumarashishg@google.com>	2023-07-17 12:01:18 +0000
committer	Ashish Kumar Gupta <kumarashishg@google.com>	2023-07-18 15:32:27 +0000
commit	c58f2b7b262eee49130f47d72247615f07af4a81 (patch)
tree	f1ec0757d622364420f67ac2dbef83847d790820 /wifi/java/src
parent	99c28e88c564a8338f59eec57d62f6dd01a997ca (diff)

Resolve custom printer icon boundary exploit.

Because Settings grants the INTERACT_ACROSS_USERS_FULL permission, an exploit is possible where the third party print plugin service can pass other's User Icon URI. This CL provides a lightweight solution for parsing the image URI to detect profile exploitation. Bug: 281525042 Test: Build and flash the code. Try to reproduce the issue with mentioned steps in the bug Change-Id: Iaaa6fe2a627a265c4d1d7b843a033a132e1fe2ce Merged-In: Iaaa6fe2a627a265c4d1d7b843a033a132e1fe2ce

Diffstat (limited to 'wifi/java/src')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: