74b03835a7fac15e854d08159922418c99e27e77 - platform/frameworks/base - Git at Google (original) (raw)

android / platform / frameworks / base / 74b03835a7fac15e854d08159922418c99e27e77

Resolve custom printer icon boundary exploit.

Because Settings grants the INTERACT_ACROSS_USERS_FULL permission, an exploit is possible where the third party print plugin service can pass other's User Icon URI. This CL provides a lightweight solution for parsing the image URI to detect profile exploitation.

Bug: 281525042 Test: Build and flash the code. Try to reproduce the issue with mentioned steps in the bug (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0e0693ca9cb408d0dc82f6c6b3feb453fc8ddd83) Merged-In: Iaaa6fe2a627a265c4d1d7b843a033a132e1fe2ce Change-Id: Iaaa6fe2a627a265c4d1d7b843a033a132e1fe2ce

• services/print/java/com/android/server/print/PrintManagerService.java[diff]

1 file changed

tree: 09a84ab18a051fc74c8fe26b9bfd2bdb300176a3

1. .prebuilt_info/
2. apct-tests/
3. apex/
4. api/
5. boot/
6. cmds/
7. config/
8. core/
9. data/
10. docs/
11. drm/
12. errorprone/
13. graphics/
14. identity/
15. keystore/
16. libs/
17. location/
18. lowpan/
19. media/
20. mime/
21. mms/
22. native/
23. nfc-extras/
24. obex/
25. opengl/
26. packages/
27. proto/
28. rs/
29. samples/
30. sax/
31. services/
32. startop/
33. telecomm/
34. telephony/
35. test-base/
36. test-legacy/
37. test-mock/
38. test-runner/
39. tests/
40. tools/
41. wifi/
42. .clang-format
43. .gitignore
44. .mailmap
45. Android.bp
46. Android.mk
47. ApiDocs.bp
48. BATTERY_STATS_OWNERS
49. CleanSpec.mk
50. framework-jarjar-rules.txt
51. METADATA
52. MODULE_LICENSE_APACHE2
53. MULTIUSER_OWNERS
54. NOTICE
55. OWNERS
56. OWNERS.md
57. pathmap.mk
58. PREUPLOAD.cfg
59. ProtoLibraries.bp
60. StubLibraries.bp
61. TEST_MAPPING
62. TestProtoLibraries.bp
63. ZYGOTE_OWNERS