Commit a604311f authored Apr 05, 2023 by Pranav Madapurmath

Resolve account image icon profile boundary exploit.

Because Telecom grants the INTERACT_ACROSS_USERS permission, an exploit
is possible where the user can upload an image icon (belonging to
another user) via registering a phone account. This CL provides a
lightweight solution for parsing the image URI to detect profile
exploitation.

Fixes: 273502295
Fixes: 296915211
Test: Unit test to enforce successful/failure path
Change-Id: I2b6418f019a373ee9f02ba8683e5b694e7ab80a5
(cherry picked from commit d0d1d38e)
Merged-In: I2b6418f019a373ee9f02ba8683e5b694e7ab80a5
(cherry picked from commit e7d0ca3f)

parent 29b52e3c

Show whitespace changes

Inline Side-by-side

/e/ robot @erobot
mentioned in commit 13980cb7
· Dec 11, 2023

mentioned in commit 13980cb7

mentioned in commit 13980cb7c83cd19b20a9f1b255fc51c6cd761a7c

Toggle commit list
/e/ robot @erobot
mentioned in commit 46031022
· Dec 11, 2023

mentioned in commit 46031022

mentioned in commit 46031022794de9aec99c20d54e759264eec7f0d7

Toggle commit list
/e/ robot @erobot
mentioned in commit 9bbf25ed
· Dec 11, 2023

mentioned in commit 9bbf25ed

mentioned in commit 9bbf25ed9e60d1f3b717d3fa6ed2c34155665baa

Toggle commit list
/e/ robot @erobot
mentioned in commit a4bc335e
· Dec 11, 2023

mentioned in commit a4bc335e

mentioned in commit a4bc335e6b1bae9ec8419246916aa64d454d1756

Toggle commit list
/e/ robot @erobot
mentioned in commit 733a8f6b
· Dec 11, 2023

mentioned in commit 733a8f6b

mentioned in commit 733a8f6b8d4dc2cb43a513a06d71c655976266df

Toggle commit list
/e/ robot @erobot
mentioned in commit 4fd0e1e4
· Dec 11, 2023

mentioned in commit 4fd0e1e4

mentioned in commit 4fd0e1e44d47e0fe09833c503ce4c7e5b7990994

Toggle commit list
/e/ robot @erobot
mentioned in commit 0f844fc0
· Dec 11, 2023

mentioned in commit 0f844fc0

mentioned in commit 0f844fc06054a7bb5a39b2fc223132705801f00b

Toggle commit list
/e/ robot @erobot
mentioned in commit 3af8461c
· Dec 11, 2023

mentioned in commit 3af8461c

mentioned in commit 3af8461ca5fb6ef772267bbfd3d8ce649da07581

Toggle commit list
/e/ robot @erobot
mentioned in commit 03669b92
· Dec 11, 2023

mentioned in commit 03669b92

mentioned in commit 03669b927954eff17f1d3e90f91249e0098357ae

Toggle commit list
/e/ robot @erobot
mentioned in commit db7db13a
· Dec 11, 2023

mentioned in commit db7db13a

mentioned in commit db7db13aa67d5c23313cdfb01f52369be3f1785d

Toggle commit list
/e/ robot @erobot
mentioned in commit f62c4b46
· Dec 11, 2023

mentioned in commit f62c4b46

mentioned in commit f62c4b46bd1c99e04bceab1667bc875873a7e539

Toggle commit list
/e/ robot @erobot
mentioned in commit 25a966f6
· Dec 11, 2023

mentioned in commit 25a966f6

mentioned in commit 25a966f68bd300eeddf7bd6e0ad3b123be6ddbc2

Toggle commit list
/e/ robot @erobot
mentioned in commit a496d3c7
· Dec 11, 2023

mentioned in commit a496d3c7

mentioned in commit a496d3c786ced7fa2893aade138dde9629b80755

Toggle commit list
/e/ robot @erobot
mentioned in commit af9badc1
· Dec 11, 2023

mentioned in commit af9badc1

mentioned in commit af9badc1711546bf2b1a997264ac73c2553e3ba1

Toggle commit list

Please register or to comment