Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1172a011 authored by Tyler Gunn's avatar Tyler Gunn
Browse files

Extra security checks in placeCall. 

Note: This is a cherry-pick from Master/AOSP-Master.

When adding self-managed calls, ensure that the package of the caller
matches the package for the outgoing call phone account, unless the
caller is able to place calls.

This means a self-managed CS can ONLY place calls for its own CS.
However, the default dialer, or other call capable apps (e.g. Auto) can
still place calls on behalf of a self-managed CS.


Test: Manual
Merged-In: If0198bed5475e09ce2ef7dec1f69e5d104215c46
Change-Id: If0198bed5475e09ce2ef7dec1f69e5d104215c46
Bug: 38377651
(cherry picked from commit 24c35e0f)
parent b65719af

src/com/android/server/telecom/TelecomServiceImpl.java

+14 −0
Original line number Diff line number Diff line
@@ -994,6 +994,10 @@ public class TelecomServiceImpl { 
                                        android.Manifest.permission.MANAGE_OWN_CALLS,

                                        "Self-managed phone accounts must have MANAGE_OWN_CALLS " +

                                                "permission.");



                                // Self-managed ConnectionServices can ONLY add new incoming calls

                                // using their own PhoneAccounts.  The checkPackage(..) app opps

                                // check above ensures this.

                            }

                        }

                        long token = Binder.clearCallingIdentity();
@@ -1084,6 +1088,16 @@ public class TelecomServiceImpl { 
                if (isSelfManaged) {

                    mContext.enforceCallingOrSelfPermission(Manifest.permission.MANAGE_OWN_CALLS,

                            "Self-managed ConnectionServices require MANAGE_OWN_CALLS permission.");



                    if (!callingPackage.equals(

                            phoneAccountHandle.getComponentName().getPackageName())

                            && !canCallPhone(callingPackage,

                            "CALL_PHONE permission required to place calls.")) {

                        // The caller is not allowed to place calls, so we want to ensure that it

                        // can only place calls through itself.

                        throw new SecurityException("Self-managed ConnectionServices can only "

                                + "place calls through their own ConnectionService.");

                    }

                } else if (!canCallPhone(callingPackage, "placeCall")) {

                    throw new SecurityException("Package " + callingPackage

                            + " is not allowed to place phone calls");