Resolve cross account user icon validation. am: 7c87253b23 am: 9fa012fa9b am:... (34312807) · Commits · e / os / android_packages_services_Telecomm

src/com/android/server/telecom/TelecomServiceImpl.java

+8 −9

Original line number	Original line	Diff line number	Diff line
	@@ -63,6 +63,7 @@ import android.telecom.CallException;
	import android.telecom.Log;		import android.telecom.Log;
	import android.telecom.PhoneAccount;		import android.telecom.PhoneAccount;
	import android.telecom.PhoneAccountHandle;		import android.telecom.PhoneAccountHandle;
			import android.telecom.StatusHints;
	import android.telecom.TelecomAnalytics;		import android.telecom.TelecomAnalytics;
	import android.telecom.TelecomManager;		import android.telecom.TelecomManager;
	import android.telecom.VideoProfile;		import android.telecom.VideoProfile;
	@@ -3150,11 +3151,10 @@ public class TelecomServiceImpl {
	// incompatible types.		// incompatible types.
	if (icon != null && (icon.getType() == Icon.TYPE_URI		if (icon != null && (icon.getType() == Icon.TYPE_URI
	\|\| icon.getType() == Icon.TYPE_URI_ADAPTIVE_BITMAP)) {		\|\| icon.getType() == Icon.TYPE_URI_ADAPTIVE_BITMAP)) {
	String encodedUser = icon.getUri().getEncodedUserInfo();		int callingUserId = UserHandle.getCallingUserId();
	// If there is no encoded user, the URI is calling into the calling user space		int requestingUserId = StatusHints.getUserIdFromAuthority(
	if (encodedUser != null) {		icon.getUri().getAuthority(), callingUserId);
	int userId = Integer.parseInt(encodedUser);		if(callingUserId != requestingUserId) {
	if (userId != UserHandle.getUserId(Binder.getCallingUid())) {
	// If we are transcending the profile boundary, throw an error.		// If we are transcending the profile boundary, throw an error.
	throw new IllegalArgumentException("Attempting to register a phone account with"		throw new IllegalArgumentException("Attempting to register a phone account with"
	+ " an image icon belonging to another user.");		+ " an image icon belonging to another user.");
	@@ -3162,4 +3162,3 @@ public class TelecomServiceImpl {
	}		}
	}		}
	}		}
	}

tests/src/com/android/server/telecom/tests/TelecomServiceImplTest.java

+14 −0

Original line number	Original line	Diff line number	Diff line
	@@ -963,6 +963,20 @@ public class TelecomServiceImplTest extends TelecomTestCase {
	// This should fail; security exception will be thrown.		// This should fail; security exception will be thrown.
	registerPhoneAccountTestHelper(phoneAccount, false);		registerPhoneAccountTestHelper(phoneAccount, false);

			icon = Icon.createWithContentUri(
			new Uri.Builder().scheme("content")
			.encodedAuthority("10%40media")
			.path("external/images/media/${mediaId.text}".trim())
			.build());
			phoneAccount = makePhoneAccount(phHandle).setIcon(icon).build();
			// This should fail; security exception will be thrown
			registerPhoneAccountTestHelper(phoneAccount, false);

			icon = Icon.createWithContentUri( Uri.parse("content://10%40play.ground"));
			phoneAccount = makePhoneAccount(phHandle).setIcon(icon).build();
			// This should fail; security exception will be thrown
			registerPhoneAccountTestHelper(phoneAccount, false);

	icon = Icon.createWithContentUri("content://0@media/external/images/media/");		icon = Icon.createWithContentUri("content://0@media/external/images/media/");
	phoneAccount = makePhoneAccount(phHandle).setIcon(icon).build();		phoneAccount = makePhoneAccount(phHandle).setIcon(icon).build();
	// This should succeed.		// This should succeed.