
Commit abd2a232 authored by Treehugger Robot's avatar Treehugger Robot Committed by Android (Google) Code Review

Merge "Resolve custom printer icon boundary exploit." into rvc-dev

parents 0dcc5c6e 9adc7202
+34 −1
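--- a/PrintManagerService.java
+++ b/PrintManagerService.java
@@ -253,12 +253,45 @@ public final class PrintManagerService extends SystemService {
             }
             final long identity = Binder.clearCallingIdentity();
             try {
-                return userState.getCustomPrinterIcon(printerId);
+                Icon icon = userState.getCustomPrinterIcon(printerId);
+                return validateIconUserBoundary(icon);
             } finally {
                 Binder.restoreCallingIdentity(identity);
             }
         }
 
+        /**
+         * Validates the custom printer icon to see if it's not in the calling user space.
+         * If the condition is not met, return null. Otherwise, return the original icon.
+         *
+         * @param icon
+         * @return icon (validated)
+         */
+        private Icon validateIconUserBoundary(Icon icon) {
+            // Refer to Icon#getUriString for context. The URI string is invalid for icons of
+            // incompatible types.
+            if (icon != null && (icon.getType() == Icon.TYPE_URI
+                    || icon.getType() == Icon.TYPE_URI_ADAPTIVE_BITMAP)) {
+                String encodedUser = icon.getUri().getEncodedUserInfo();
+
+                // If there is no encoded user, the URI is calling into the calling user space
+                if (encodedUser != null) {
+                    int userId = Integer.parseInt(encodedUser);
+                    // resolve encoded user
+                    final int resolvedUserId = resolveCallingUserEnforcingPermissions(userId);
+
+                    synchronized (mLock) {
+                        // Only the current group members can get the printer icons.
+                        if (resolveCallingProfileParentLocked(resolvedUserId)
+                                != getCurrentUserId()) {
+                            return null;
+                        }
+                    }
+                }
+            }
+            return icon;
+        }
+
         @Override
         public void cancelPrintJob(PrintJobId printJobId, int appId, int userId) {
             if (printJobId == null) {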
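Review bot: `validateIconUserBoundary(icon)` is called inside the `Binder.clearCallingIdentity()` / `Binder.restoreCallingIdentity(identity)` window, so if `resolveCallingUserEnforcingPermissions` derives the caller from Binder (its body is not in this hunk), the permission check would be evaluated against the system's own identity rather than the requesting app's. Consider assigning `icon = userState.getCustomPrinterIcon(printerId);` inside the `try` and moving `return validateIconUserBoundary(icon);` to after the `finally` block. Separately, `Integer.parseInt(encodedUser)` throws `NumberFormatException` when the URI's user-info part is not numeric; catching it and returning `null` would keep the check failing closed. The Javadoc also reads inverted, since the code returns the icon when it stays within the caller's profile group and `null` otherwise, and `@param icon` has no description. The enclosing method starts above the hunk.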