Loading src/com/android/server/telecom/TelecomServiceImpl.java +8 −9 Original line number Diff line number Diff line Loading @@ -54,6 +54,7 @@ import android.provider.Settings; import android.telecom.Log; import android.telecom.PhoneAccount; import android.telecom.PhoneAccountHandle; import android.telecom.StatusHints; import android.telecom.TelecomAnalytics; import android.telecom.TelecomManager; import android.telecom.VideoProfile; Loading Loading @@ -2586,11 +2587,10 @@ public class TelecomServiceImpl { // incompatible types. if (icon != null && (icon.getType() == Icon.TYPE_URI || icon.getType() == Icon.TYPE_URI_ADAPTIVE_BITMAP)) { String encodedUser = icon.getUri().getEncodedUserInfo(); // If there is no encoded user, the URI is calling into the calling user space if (encodedUser != null) { int userId = Integer.parseInt(encodedUser); if (userId != UserHandle.getUserId(Binder.getCallingUid())) { int callingUserId = UserHandle.getCallingUserId(); int requestingUserId = StatusHints.getUserIdFromAuthority( icon.getUri().getAuthority(), callingUserId); if(callingUserId != requestingUserId) { // If we are transcending the profile boundary, throw an error. throw new IllegalArgumentException("Attempting to register a phone account with" + " an image icon belonging to another user."); Loading @@ -2598,4 +2598,3 @@ public class TelecomServiceImpl { } } } } tests/src/com/android/server/telecom/tests/TelecomServiceImplTest.java +14 −0 Original line number Diff line number Diff line Loading @@ -617,6 +617,20 @@ public class TelecomServiceImplTest extends TelecomTestCase { // This should fail; security exception will be thrown. registerPhoneAccountTestHelper(phoneAccount, false); icon = Icon.createWithContentUri( new Uri.Builder().scheme("content") .encodedAuthority("10%40media") .path("external/images/media/${mediaId.text}".trim()) .build()); phoneAccount = makePhoneAccount(phHandle).setIcon(icon).build(); // This should fail; security exception will be thrown registerPhoneAccountTestHelper(phoneAccount, false); icon = Icon.createWithContentUri( Uri.parse("content://10%40play.ground")); phoneAccount = makePhoneAccount(phHandle).setIcon(icon).build(); // This should fail; security exception will be thrown registerPhoneAccountTestHelper(phoneAccount, false); icon = Icon.createWithContentUri("content://0@media/external/images/media/"); phoneAccount = makePhoneAccount(phHandle).setIcon(icon).build(); // This should succeed. Loading Loading
src/com/android/server/telecom/TelecomServiceImpl.java +8 −9 Original line number Diff line number Diff line Loading @@ -54,6 +54,7 @@ import android.provider.Settings; import android.telecom.Log; import android.telecom.PhoneAccount; import android.telecom.PhoneAccountHandle; import android.telecom.StatusHints; import android.telecom.TelecomAnalytics; import android.telecom.TelecomManager; import android.telecom.VideoProfile; Loading Loading @@ -2586,11 +2587,10 @@ public class TelecomServiceImpl { // incompatible types. if (icon != null && (icon.getType() == Icon.TYPE_URI || icon.getType() == Icon.TYPE_URI_ADAPTIVE_BITMAP)) { String encodedUser = icon.getUri().getEncodedUserInfo(); // If there is no encoded user, the URI is calling into the calling user space if (encodedUser != null) { int userId = Integer.parseInt(encodedUser); if (userId != UserHandle.getUserId(Binder.getCallingUid())) { int callingUserId = UserHandle.getCallingUserId(); int requestingUserId = StatusHints.getUserIdFromAuthority( icon.getUri().getAuthority(), callingUserId); if(callingUserId != requestingUserId) { // If we are transcending the profile boundary, throw an error. throw new IllegalArgumentException("Attempting to register a phone account with" + " an image icon belonging to another user."); Loading @@ -2598,4 +2598,3 @@ public class TelecomServiceImpl { } } } }
tests/src/com/android/server/telecom/tests/TelecomServiceImplTest.java +14 −0 Original line number Diff line number Diff line Loading @@ -617,6 +617,20 @@ public class TelecomServiceImplTest extends TelecomTestCase { // This should fail; security exception will be thrown. registerPhoneAccountTestHelper(phoneAccount, false); icon = Icon.createWithContentUri( new Uri.Builder().scheme("content") .encodedAuthority("10%40media") .path("external/images/media/${mediaId.text}".trim()) .build()); phoneAccount = makePhoneAccount(phHandle).setIcon(icon).build(); // This should fail; security exception will be thrown registerPhoneAccountTestHelper(phoneAccount, false); icon = Icon.createWithContentUri( Uri.parse("content://10%40play.ground")); phoneAccount = makePhoneAccount(phHandle).setIcon(icon).build(); // This should fail; security exception will be thrown registerPhoneAccountTestHelper(phoneAccount, false); icon = Icon.createWithContentUri("content://0@media/external/images/media/"); phoneAccount = makePhoneAccount(phHandle).setIcon(icon).build(); // This should succeed. Loading
