services/print · 6f5a8cbe44358bebb82b5b701f15ca2cb7905386 · Farzin Kazemzadeh / platform_frameworks_base-old

Forked from Dhina17 / platform_frameworks_base

Resolve custom printer icon boundary exploit.

kumarashishg authored 1 year ago

Because Settings grants the INTERACT_ACROSS_USERS_FULL permission, an exploit is possible where the third party print plugin service can pass other's User Icon URI. This CL provides a lightweight solution for parsing the image URI to detect profile exploitation.

Bug: 281525042
Test: Build and flash the code. Try to reproduce the issue with
mentioned steps in the bug

Change-Id: Iaaa6fe2a627a265c4d1d7b843a033a132e1fe2ce
Merged-In: Iaaa6fe2a627a265c4d1d7b843a033a132e1fe2ce

df127e12

History

df127e12 1 year ago

History

Code owners

Assign users and groups as approvers for specific file changes. Learn more.

Name	Last commit	Last update
..
java/com/android/server/print
Android.bp
OWNERS
lint-baseline.xml