Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 692a877d authored by Grace Jia's avatar Grace Jia
Browse files

Check calling package before checking permission protection 

Using the name of a third-party package targeting a lower API level can
bypass the whole permission check in
TelecomServiceImpl#getCallStateUsingPackage. Check the calling package
first to avoid this.

Bug: 190400974
Test: Unit test, test with debug app
Change-Id: I2b0bfde41f006c2010381a85100ce931366abf57
parent eafcfb2f

src/com/android/server/telecom/TelecomServiceImpl.java

+1 −0
Original line number Diff line number Diff line
@@ -948,6 +948,7 @@ public class TelecomServiceImpl { 
        public int getCallStateUsingPackage(String callingPackage, String callingFeatureId) {

            try {

                Log.startSession("TSI.getCallStateUsingPackage");

                enforceCallingPackage(callingPackage);

                if (CompatChanges.isChangeEnabled(

                        TelecomManager.ENABLE_GET_CALL_STATE_PERMISSION_PROTECTION, callingPackage,

                        Binder.getCallingUserHandle())) {