Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 094c1569 authored by Grace Jia's avatar Grace Jia Committed by Automerger Merge Worker
Browse files

Fix security vulnerability of TelecomManager#getPhoneAccountsForPackage am:... 

Fix security vulnerability of TelecomManager#getPhoneAccountsForPackage am: f3f2d7c2 am: 21bc22a0 am: 0b9f87a4

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/services/Telecomm/+/12141784

Change-Id: Id134980b9b5b7b884792fac38274589c6ab2144d
parents 60cca7bd 0b9f87a4

src/com/android/server/telecom/TelecomServiceImpl.java

+17 −0
Original line number Diff line number Diff line
@@ -234,6 +234,23 @@ public class TelecomServiceImpl { 


        @Override

        public List<PhoneAccountHandle> getPhoneAccountsForPackage(String packageName) {

            //TODO: Deprecate this in S

            try {

                enforceCallingPackage(packageName);

            } catch (SecurityException se1) {

                EventLog.writeEvent(0x534e4554, "153995334", Binder.getCallingUid(),

                        "getPhoneAccountsForPackage: invalid calling package");

                throw se1;

            }



            try {

                enforcePermission(READ_PRIVILEGED_PHONE_STATE);

            } catch (SecurityException se2) {

                EventLog.writeEvent(0x534e4554, "153995334", Binder.getCallingUid(),

                        "getPhoneAccountsForPackage: no permission");

                throw se2;

            }



            synchronized (mLock) {

                final UserHandle callingUserHandle = Binder.getCallingUserHandle();

                long token = Binder.clearCallingIdentity();