)]}'
{"id":"LineageOS%2Fandroid_packages_services_Telephony~366330","triplet_id":"LineageOS%2Fandroid_packages_services_Telephony~lineage-20.0~I1e3a643f17948153aecc1d0df9ffd9619ad678c1","project":"LineageOS/android_packages_services_Telephony","branch":"lineage-20.0","topic":"T_asb_2023-09","hashtags":[],"change_id":"I1e3a643f17948153aecc1d0df9ffd9619ad678c1","subject":"Fixed leak of cross user data in multiple settings.","status":"MERGED","created":"2023-09-16 16:54:24.000000000","updated":"2023-09-18 13:52:39.000000000","submitted":"2023-09-18 13:52:39.000000000","submitter":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"total_comment_count":0,"unresolved_comment_count":0,"has_review_started":true,"submission_id":"366330-T_asb_2023-09","meta_rev_id":"116393d301e228c20bf63f7fdf5464828286e9d0","_number":366330,"virtual_id_number":366330,"owner":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"actions":{},"labels":{"Verified":{"all":[{"value":0,"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]}],"values":{"-1":"Fails"," 0":"No score","+1":"Verified"},"description":"","default_value":0},"Code-Review":{"all":[{"value":0,"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]}],"values":{"-2":"Do not submit","-1":"I would prefer that you didn\u0027t submit this"," 0":"No score","+1":"Looks good to me, but someone else must approve","+2":"Looks good to me, approved"},"description":"","default_value":0},"CI":{"all":[{"value":0,"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]}],"values":{"-1":"Fail"," 0":"No score","+1":"Pass"},"description":"","default_value":0,"optional":true}},"removable_reviewers":[],"reviewers":{},"pending_reviewers":{},"reviewer_updates":[],"messages":[{"id":"39760fdf8fe912bb75242b91aa5ef131db5aed63","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"date":"2023-09-16 16:54:24.000000000","message":"Uploaded patch set 1.","accounts_in_message":[],"_revision_number":1},{"id":"116393d301e228c20bf63f7fdf5464828286e9d0","tag":"autogenerated:gerrit:merged","author":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"date":"2023-09-18 13:52:39.000000000","message":"Change has been successfully pushed.","accounts_in_message":[],"_revision_number":2}],"current_revision_number":2,"current_revision":"674039e70e1c5bf29b808899ac80c709acc82290","revisions":{"3306e7a9b606f775c9307c150fd5cb23ad719bf2":{"kind":"REWORK","_number":1,"created":"2023-09-16 16:54:24.000000000","uploader":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"ref":"refs/changes/30/366330/1","fetch":{"anonymous http":{"url":"https://github.com/LineageOS/android_packages_services_Telephony","ref":"refs/changes/30/366330/1","commands":{"Branch":"git fetch https://github.com/LineageOS/android_packages_services_Telephony refs/changes/30/366330/1 \u0026\u0026 git checkout -b change-366330 FETCH_HEAD","Checkout":"git fetch https://github.com/LineageOS/android_packages_services_Telephony refs/changes/30/366330/1 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://github.com/LineageOS/android_packages_services_Telephony refs/changes/30/366330/1 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://github.com/LineageOS/android_packages_services_Telephony refs/changes/30/366330/1 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://github.com/LineageOS/android_packages_services_Telephony refs/changes/30/366330/1","Reset To":"git fetch https://github.com/LineageOS/android_packages_services_Telephony refs/changes/30/366330/1 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"21321b57fe91a8dde8eb3e2f63ca578ab7bf856a","subject":"Merge tag \u0027android-13.0.0_r52\u0027 into staging/lineage-20.0_merge-android-13.0.0_r52","web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_services_Telephony/commit/21321b57fe91a8dde8eb3e2f63ca578ab7bf856a"}]}],"author":{"name":"Ashish Kumar","email":"akgaurav@google.com","date":"2023-05-26 14:18:46.000000000","tz":0},"committer":{"name":"Kevin F. Haggerty","email":"haggertk@lineageos.org","date":"2023-09-16 15:05:18.000000000","tz":-360},"subject":"Fixed leak of cross user data in multiple settings.","message":"Fixed leak of cross user data in multiple settings.\n\n  - Any app is allowed to receive GET_CONTENT intent. Using this, an user puts back in the intent an uri with data of another user.\n  - Telephony service has INTERACT_ACROSS_USER permission. Using this, it reads and shows the deta to the evil user.\n\nFix: When telephony service gets the intent result, it checks if the uri is from the current user or not.\n\nBug: b/256591023 , b/256819787\n\nTest: The malicious behaviour was not being reproduced. Unable to import contact from other users data.\nTest2: Able to import contact from the primary user or uri with no user id\n(These settings are not available for secondary users)\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:ab593467e900d4a6d25a34024a06195ae863f6dc)\nMerged-In: I1e3a643f17948153aecc1d0df9ffd9619ad678c1\nChange-Id: I1e3a643f17948153aecc1d0df9ffd9619ad678c1\n","web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_services_Telephony/commit/3306e7a9b606f775c9307c150fd5cb23ad719bf2"}],"resolve_conflicts_web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_services_Telephony/commit/3306e7a9b606f775c9307c150fd5cb23ad719bf2"}]},"branch":"refs/heads/lineage-20.0"},"674039e70e1c5bf29b808899ac80c709acc82290":{"kind":"TRIVIAL_REBASE","_number":2,"created":"2023-09-18 13:52:39.000000000","uploader":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"ref":"refs/changes/30/366330/2","fetch":{"anonymous http":{"url":"https://github.com/LineageOS/android_packages_services_Telephony","ref":"refs/changes/30/366330/2","commands":{"Branch":"git fetch https://github.com/LineageOS/android_packages_services_Telephony refs/changes/30/366330/2 \u0026\u0026 git checkout -b change-366330 FETCH_HEAD","Checkout":"git fetch https://github.com/LineageOS/android_packages_services_Telephony refs/changes/30/366330/2 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://github.com/LineageOS/android_packages_services_Telephony refs/changes/30/366330/2 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://github.com/LineageOS/android_packages_services_Telephony refs/changes/30/366330/2 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://github.com/LineageOS/android_packages_services_Telephony refs/changes/30/366330/2","Reset To":"git fetch https://github.com/LineageOS/android_packages_services_Telephony refs/changes/30/366330/2 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"6c8345fb1747b395d1c85c02e552db536d227573","subject":"Merge cherrypicks of [20084105] into security-aosp-tm-release.","web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_services_Telephony/commit/6c8345fb1747b395d1c85c02e552db536d227573"}]}],"author":{"name":"Ashish Kumar","email":"akgaurav@google.com","date":"2023-05-26 14:18:46.000000000","tz":0},"committer":{"name":"Android Build Coastguard Worker","email":"android-build-coastguard-worker@google.com","date":"2023-07-14 17:32:50.000000000","tz":0},"subject":"Fixed leak of cross user data in multiple settings.","message":"Fixed leak of cross user data in multiple settings.\n\n  - Any app is allowed to receive GET_CONTENT intent. Using this, an user puts back in the intent an uri with data of another user.\n  - Telephony service has INTERACT_ACROSS_USER permission. Using this, it reads and shows the deta to the evil user.\n\nFix: When telephony service gets the intent result, it checks if the uri is from the current user or not.\n\nBug: b/256591023 , b/256819787\n\nTest: The malicious behaviour was not being reproduced. Unable to import contact from other users data.\nTest2: Able to import contact from the primary user or uri with no user id\n(These settings are not available for secondary users)\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:ab593467e900d4a6d25a34024a06195ae863f6dc)\nMerged-In: I1e3a643f17948153aecc1d0df9ffd9619ad678c1\nChange-Id: I1e3a643f17948153aecc1d0df9ffd9619ad678c1\n","web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_services_Telephony/commit/674039e70e1c5bf29b808899ac80c709acc82290"}],"resolve_conflicts_web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_services_Telephony/commit/674039e70e1c5bf29b808899ac80c709acc82290"}]},"branch":"refs/heads/lineage-20.0"}},"requirements":[],"submit_records":[],"submit_requirements":[]}