Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d0d1d38e authored Apr 05, 2023 by Pranav Madapurmath

Resolve account image icon profile boundary exploit.

Because Telecom grants the INTERACT_ACROSS_USERS permission, an exploit
is possible where the user can upload an image icon (belonging to
another user) via registering a phone account. This CL provides a
lightweight solution for parsing the image URI to detect profile
exploitation.

Fixes: 273502295
Test: Unit test to enforce successful/failure path
Change-Id: I2b6418f019a373ee9f02ba8683e5b694e7ab80a5

parent ba9b68e8

Show whitespace changes

Inline Side-by-side

/e/ robot @erobot
mentioned in commit 7d7738e0
· Mar 26, 2024

mentioned in commit 7d7738e0

mentioned in commit 7d7738e02fc32810c4d2b3b996ba65542a5aa284

Toggle commit list
/e/ robot @erobot
mentioned in commit 74cf226b
· Feb 15, 2025

mentioned in commit 74cf226b

mentioned in commit 74cf226b7d68c6d261887bf759e28a1c20c48c60

Toggle commit list

Please register or to comment