Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0c7cf9a8 authored by Tyler Gunn's avatar Tyler Gunn
Browse files

Extra security checks in placeCall. 

When adding self-managed calls, ensure that the package of the caller
matches the package for the outgoing call phone account, unless the
caller is able to place calls.

This means a self-managed CS can ONLY place calls for its own CS.
However, the default dialer, or other call capable apps (e.g. Auto) can
still place calls on behalf of a self-managed CS.

Test: Created standalone test app to verify cases.
Bug: 38377651
Change-Id: I568b5131ff640ed66c094afae665630772956a17
parent a8478233

src/com/android/server/telecom/TelecomServiceImpl.java

+14 −0
Original line number Diff line number Diff line
@@ -996,6 +996,10 @@ public class TelecomServiceImpl { 
                                        android.Manifest.permission.MANAGE_OWN_CALLS,

                                        "Self-managed phone accounts must have MANAGE_OWN_CALLS " +

                                                "permission.");



                                // Self-managed ConnectionServices can ONLY add new incoming calls

                                // using their own PhoneAccounts.  The checkPackage(..) app opps

                                // check above ensures this.

                            }

                        }

                        long token = Binder.clearCallingIdentity();
@@ -1086,6 +1090,16 @@ public class TelecomServiceImpl { 
                if (isSelfManaged) {

                    mContext.enforceCallingOrSelfPermission(Manifest.permission.MANAGE_OWN_CALLS,

                            "Self-managed ConnectionServices require MANAGE_OWN_CALLS permission.");



                    if (!callingPackage.equals(

                            phoneAccountHandle.getComponentName().getPackageName())

                            && !canCallPhone(callingPackage,

                            "CALL_PHONE permission required to place calls.")) {

                        // The caller is not allowed to place calls, so we want to ensure that it

                        // can only place calls through itself.

                        throw new SecurityException("Self-managed ConnectionServices can only "

                                + "place calls through their own ConnectionService.");

                    }

                } else if (!canCallPhone(callingPackage, "placeCall")) {

                    throw new SecurityException("Package " + callingPackage

                            + " is not allowed to place phone calls");