diff options
| author | 2025-04-22 22:01:54 +0000 | |
|---|---|---|
| committer | 2025-09-18 11:01:28 +0200 | |
| commit | 140b79a7333360c2720381f8c4c0f5e2e66a932f (patch) | |
| tree | 7e8510217fabef6e88aebfc1358f35784020ab1b /jarjar-rules-shared.txt | |
| parent | 3449e9e2cd2738d8cdeb88514498f728622e3a6b (diff) | |
[SP 2025-09-01] Remove get/set of voicemail ringtone uri in shared preferences.banksia-dev
Prior to Android P, TelephonyManager#setVoicemailRingtoneUri was used
by the dialer app to set the voicemail notification sound played when
the platform got a new voicemail notification. Likewise,
getVoicemailRingtoneUri was used to retrieve the set value.
Prior to P this was just saved in the shared prefs, but after P a
migration was done to move the shared preference to the
NotificationChannel#getSound for the voicemail notification. If, however,
you called `setVoicemailRingtoneUri` it was still possible to change the
shared preference and have that migrated to be set on the notification
channel, causing a cross-profile exploit.
In the current world, the notifications for voicemail are NOT posted in
Telephony any more, and are instead associated with the notification
channel for voicemail IN the dialer app. On the off chance a dialer does
not show the voicemail notification, Telephony can post it as well, but
at this point the related sound is expected to be associated with the
notification channel.
To mitigate this cross-profile vulnerability:
1. Ensure TelephonyManager#setVoicemailRingtoneUri does not save to shared
preferences any more.
2. Ensure the TelephonyManager#getVoicemailRingtoneUrigetRingtoneUri ONLY
queries from the notification channel, and not from the shared
preferences since that is not used. This ensures we can never return a
bad URI set via the setter.
3. Remove the code in migrateVoicemailNotificationSettings which will take
the shared preference and migrate it over to the channel; this is not
needed as realistically ANY device from P would have updated LONG ago and
had its notification setting migrated to the channel anyways.
Test: Change the default voicemail notification channel sound on
"phone services"; verify that Dialer can still get this value.
Test: Changed the voicemail notification channel in the dialer app so that
it has a different value; verify that voicemail notifications use the
correct sound.
Flag: EXEMPT security patch.
Bug: 325030433
Merged-In: I7252c692eb2a5ff4b4fcbddba77425cb423539f3
Change-Id: I7252c692eb2a5ff4b4fcbddba77425cb423539f3
(cherry picked from commit 8e47af093625b997ffb8ca0379a4a56c02ddeb20)
Change-Id: I4fd7224e7c72b5aefe839fd94e3022f51cae7a04
Diffstat (limited to 'jarjar-rules-shared.txt')
0 files changed, 0 insertions, 0 deletions