)]}'
{"id":"LineageOS%2Fandroid_packages_services_Telecomm~401156","triplet_id":"LineageOS%2Fandroid_packages_services_Telecomm~lineage-20.0~Ib9d701398d25d021cdb9abacbaa5b175f62bee1d","project":"LineageOS/android_packages_services_Telecomm","branch":"lineage-20.0","topic":"T_asb_2024-09","hashtags":[],"change_id":"Ib9d701398d25d021cdb9abacbaa5b175f62bee1d","subject":"Resolve cross-user image exploit for conference status hints","status":"MERGED","created":"2024-09-06 15:51:14.000000000","updated":"2024-09-13 15:22:42.000000000","submitted":"2024-09-13 15:22:42.000000000","submitter":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"total_comment_count":0,"unresolved_comment_count":0,"has_review_started":true,"submission_id":"401154-T_asb_2024-09","meta_rev_id":"88a73f0502cd8fda5510cbc458f5d782ea4d497e","_number":401156,"virtual_id_number":401156,"owner":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"actions":{},"labels":{"Verified":{"all":[{"value":0,"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]}],"values":{"-1":"Fails"," 0":"No score","+1":"Verified"},"description":"","default_value":0},"Code-Review":{"all":[{"value":0,"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]}],"values":{"-2":"Do not submit","-1":"I would prefer that you didn\u0027t submit this"," 0":"No score","+1":"Looks good to me, but someone else must approve","+2":"Looks good to me, approved"},"description":"","default_value":0},"CI":{"all":[{"value":0,"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]}],"values":{"-1":"Fail"," 0":"No score","+1":"Pass"},"description":"","default_value":0,"optional":true}},"removable_reviewers":[],"reviewers":{},"pending_reviewers":{},"reviewer_updates":[],"messages":[{"id":"c3193a0dc8ea7546de0d5ac70f3991b836ee33f8","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"date":"2024-09-06 15:51:14.000000000","message":"Uploaded patch set 1.","accounts_in_message":[],"_revision_number":1},{"id":"88a73f0502cd8fda5510cbc458f5d782ea4d497e","tag":"autogenerated:gerrit:merged","author":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"date":"2024-09-13 15:22:42.000000000","message":"Change has been successfully pushed.","accounts_in_message":[],"_revision_number":2}],"current_revision_number":2,"current_revision":"01b95a0e825e29ece8ba00c264f571520bd7fbb7","revisions":{"5175950b17e94e3ea1c92cf7477c21f56c522a2b":{"kind":"REWORK","_number":1,"created":"2024-09-06 15:51:14.000000000","uploader":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"ref":"refs/changes/56/401156/1","fetch":{"anonymous http":{"url":"https://github.com/LineageOS/android_packages_services_Telecomm","ref":"refs/changes/56/401156/1","commands":{"Branch":"git fetch https://github.com/LineageOS/android_packages_services_Telecomm refs/changes/56/401156/1 \u0026\u0026 git checkout -b change-401156 FETCH_HEAD","Checkout":"git fetch https://github.com/LineageOS/android_packages_services_Telecomm refs/changes/56/401156/1 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://github.com/LineageOS/android_packages_services_Telecomm refs/changes/56/401156/1 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://github.com/LineageOS/android_packages_services_Telecomm refs/changes/56/401156/1 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://github.com/LineageOS/android_packages_services_Telecomm refs/changes/56/401156/1","Reset To":"git fetch https://github.com/LineageOS/android_packages_services_Telecomm refs/changes/56/401156/1 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"86faa37e6319e7a0babdb2279da34250d33c1bd3","subject":"Unbind CallScreeningService when timeout reached.","web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_services_Telecomm/commit/86faa37e6319e7a0babdb2279da34250d33c1bd3"}]}],"author":{"name":"Pranav Madapurmath","email":"pmadapurmath@google.com","date":"2024-06-12 05:50:08.000000000","tz":-420},"committer":{"name":"Kevin F. Haggerty","email":"haggertk@lineageos.org","date":"2024-09-06 13:38:49.000000000","tz":-360},"subject":"Resolve cross-user image exploit for conference status hints","message":"Resolve cross-user image exploit for conference status hints\n\nEnsure that status hint image icon is validated for cross-user exploits.\nCurrently, there is no check for this so a conference call can display\nan image from another user, exposing a vulnerability.\n\nBug: 329058967\nTest: Manual with POC\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a8e2bf9c77cd94f683979c849015b78ef0537802)\nMerged-In: Ib9d701398d25d021cdb9abacbaa5b175f62bee1d\nChange-Id: Ib9d701398d25d021cdb9abacbaa5b175f62bee1d\n","web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_services_Telecomm/commit/5175950b17e94e3ea1c92cf7477c21f56c522a2b"}],"resolve_conflicts_web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_services_Telecomm/commit/5175950b17e94e3ea1c92cf7477c21f56c522a2b"}]},"branch":"refs/heads/lineage-20.0"},"01b95a0e825e29ece8ba00c264f571520bd7fbb7":{"kind":"TRIVIAL_REBASE","_number":2,"created":"2024-09-13 15:22:42.000000000","uploader":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"ref":"refs/changes/56/401156/2","fetch":{"anonymous http":{"url":"https://github.com/LineageOS/android_packages_services_Telecomm","ref":"refs/changes/56/401156/2","commands":{"Branch":"git fetch https://github.com/LineageOS/android_packages_services_Telecomm refs/changes/56/401156/2 \u0026\u0026 git checkout -b change-401156 FETCH_HEAD","Checkout":"git fetch https://github.com/LineageOS/android_packages_services_Telecomm refs/changes/56/401156/2 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://github.com/LineageOS/android_packages_services_Telecomm refs/changes/56/401156/2 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://github.com/LineageOS/android_packages_services_Telecomm refs/changes/56/401156/2 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://github.com/LineageOS/android_packages_services_Telecomm refs/changes/56/401156/2","Reset To":"git fetch https://github.com/LineageOS/android_packages_services_Telecomm refs/changes/56/401156/2 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"32ca481ed405bf8dfeb833a8a3507da8c5bc686d","subject":"Unbind CallScreeningService when timeout reached.","web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_services_Telecomm/commit/32ca481ed405bf8dfeb833a8a3507da8c5bc686d"}]}],"author":{"name":"Pranav Madapurmath","email":"pmadapurmath@google.com","date":"2024-06-12 05:50:08.000000000","tz":-420},"committer":{"name":"Android Build Coastguard Worker","email":"android-build-coastguard-worker@google.com","date":"2024-07-10 22:19:17.000000000","tz":0},"subject":"Resolve cross-user image exploit for conference status hints","message":"Resolve cross-user image exploit for conference status hints\n\nEnsure that status hint image icon is validated for cross-user exploits.\nCurrently, there is no check for this so a conference call can display\nan image from another user, exposing a vulnerability.\n\nBug: 329058967\nTest: Manual with POC\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a8e2bf9c77cd94f683979c849015b78ef0537802)\nMerged-In: Ib9d701398d25d021cdb9abacbaa5b175f62bee1d\nChange-Id: Ib9d701398d25d021cdb9abacbaa5b175f62bee1d\n","web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_services_Telecomm/commit/01b95a0e825e29ece8ba00c264f571520bd7fbb7"}],"resolve_conflicts_web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_services_Telecomm/commit/01b95a0e825e29ece8ba00c264f571520bd7fbb7"}]},"branch":"refs/heads/lineage-20.0"}},"requirements":[],"submit_records":[],"submit_requirements":[]}