Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Unverified Commit 94dd7e4e authored by Kevin F. Haggerty's avatar Kevin F. Haggerty
Browse files

Merge tag 'android-security-10.0.0_r74' of... 

Merge tag 'android-security-10.0.0_r74' of https://android.googlesource.com/platform/packages/services/Telecomm into staging/lineage-17.1_merge_android-security-10.0.0_r74

Android security 10.0.0 release 74

* tag 'android-security-10.0.0_r74' of https://android.googlesource.com/platform/packages/services/Telecomm:
  Fix security vulnerability when register phone accounts.

Change-Id: Iceaeb84f9e7acc68cf07cc51bfe21492d4f583af
parents c75bd00c b3309e41

src/com/android/server/telecom/PhoneAccountRegistrar.java

+15 −0
Original line number Diff line number Diff line
@@ -49,6 +49,7 @@ import android.telephony.TelephonyManager; 
import android.text.TextUtils;

import android.util.AtomicFile;

import android.util.Base64;

import android.util.EventLog;

import android.util.Xml;



// TODO: Needed for move to system service: import com.android.internal.R;
@@ -787,6 +788,7 @@ public class PhoneAccountRegistrar { 


        PhoneAccount oldAccount = getPhoneAccountUnchecked(account.getAccountHandle());

        if (oldAccount != null) {

            enforceSelfManagedAccountUnmodified(account, oldAccount);

            mState.accounts.remove(oldAccount);

            isEnabled = oldAccount.isEnabled();

            Log.i(this, "Modify account: %s", getAccountDiffString(account, oldAccount));
@@ -847,6 +849,19 @@ public class PhoneAccountRegistrar { 
        }

    }



    private void enforceSelfManagedAccountUnmodified(PhoneAccount newAccount,

            PhoneAccount oldAccount) {

        if (oldAccount.hasCapabilities(PhoneAccount.CAPABILITY_SELF_MANAGED) &&

                (!newAccount.hasCapabilities(PhoneAccount.CAPABILITY_SELF_MANAGED))) {

            EventLog.writeEvent(0x534e4554, "246930197");

            Log.w(this, "Self-managed phone account %s replaced by a non self-managed one",

                    newAccount.getAccountHandle());

            throw new IllegalArgumentException("Error, cannot change a self-managed "

                    + "phone account " + newAccount.getAccountHandle()

                    + " to other kinds of phone account");

        }

    }



    /**

     * Un-registers all phone accounts associated with a specified package.

     *