Depends on D19912. Ref T11351. Images currently use getMock()->getPolicy() stuff to define policies. This causes bugs with object policies like "Subscribers", since the policy engine tries to evaluate the subscribers for the image when the intent is to evaluate the subscribers for the mock.
Move this to ExtendedPolicies to fix the behavior, and give Images sensible policy behavior when they aren't attached to a mock (specifically: only the user who created the image can see it).