Diffstat (limited to 'src/com/android/server/telecom/TelecomServiceImpl.java')
-rw-r--r-- | src/com/android/server/telecom/TelecomServiceImpl.java | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/src/com/android/server/telecom/TelecomServiceImpl.java b/src/com/android/server/telecom/TelecomServiceImpl.java
index ee7aba6c7..576ac1088 100644
--- a/src/com/android/server/telecom/TelecomServiceImpl.java
+++ b/src/com/android/server/telecom/TelecomServiceImpl.java
@@ -43,6 +43,7 @@ import android.content.pm.ApplicationInfo;
 import android.content.pm.PackageManager;
 import android.content.pm.ParceledListSlice;
 import android.content.pm.ResolveInfo;
+import android.graphics.drawable.Icon;
 import android.net.Uri;
 import android.os.Binder;
 import android.os.Build;
@@ -599,6 +600,9 @@ public class TelecomServiceImpl {
 .build();
 }
 
+ // Validate the profile boundary of the given image URI.
+ validateAccountIconUserBoundary(account.getIcon());
+
 final long token = Binder.clearCallingIdentity();
 try {
 mPhoneAccountRegistrar.registerPhoneAccount(account);
@@ -2752,4 +2756,22 @@ public class TelecomServiceImpl {
 mContext.sendBroadcast(intent);
 }
 }
+
+ private void validateAccountIconUserBoundary(Icon icon) {
+ // Refer to Icon#getUriString for context. The URI string is invalid for icons of
+ // incompatible types.
+ if (icon != null && (icon.getType() == Icon.TYPE_URI
+ || icon.getType() == Icon.TYPE_URI_ADAPTIVE_BITMAP)) {
+ String encodedUser = icon.getUri().getEncodedUserInfo();
+ // If there is no encoded user, the URI is calling into the calling user space
+ if (encodedUser != null) {
+ int userId = Integer.parseInt(encodedUser);
+ if (userId != UserHandle.getUserId(Binder.getCallingUid())) {
+ // If we are transcending the profile boundary, throw an error.
+ throw new IllegalArgumentException("Attempting to register a phone account with"
+ + " an image icon belonging to another user.");
+ }
+ }
+ }
+ }
 }
|
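Review bot: The new `validateAccountIconUserBoundary(account.getIcon())` call is only correct because it sits before `Binder.clearCallingIdentity()`: the helper reads `Binder.getCallingUid()`, which reports this process's own UID once the calling identity has been cleared. The added comment does not record that ordering constraint, so a later refactor could move the call into the `try` block and quietly turn the check into a comparison against the system's own user. I would extend the comment to `// Must run before clearCallingIdentity(): the check compares against Binder.getCallingUid().` The enclosing method starts and ends outside this hunk, so whether every path that reaches `registerPhoneAccount(account)` passes through this check cannot be judged from here.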
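Review bot: In `validateAccountIconUserBoundary`, `Integer.parseInt(encodedUser)` runs on the raw, still percent-encoded user-info component, so malformed user info is rejected only through a bare NumberFormatException rather than the descriptive message. The user id is also derived here by a different routine than whatever later resolves the icon URI. A boundary check is most dependable when it extracts the user exactly as the consumer does. If the hidden framework helper is usable from this class, `int userId = ContentProvider.getUserIdFromUri(icon.getUri(), UserHandle.getUserId(Binder.getCallingUid()));` would keep the two in step, assuming the icon loader resolves the user that way, which needs confirming. Failing that, wrap the parse so a non-numeric value is rejected with the same IllegalArgumentException text, and add a one-sentence Javadoc stating that the method throws when a URI-backed icon names a user other than the caller's.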