Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9db9305e authored by Tyler Gunn's avatar Tyler Gunn
Browse files

Clear calling identify before using package manager in TelecomServiceImpl. 

Some calls are made to getPackageUid from the caller's identity, which
causes a crash for apps calling from private space since it is a cross
user request.

Flag: com.android.server.telecom.flags.allow_system_apps_resolve_voip_calls
Test: Install test app in private space and verify it no longer crashes when
calling TelecomManager.endCall
Fixes: 399623655

Change-Id: I09174e65e2a2d146d36c803a229bee7cee6cf258
parent 679c24b3

src/com/android/server/telecom/TelecomServiceImpl.java

+23 −14
Original line number Diff line number Diff line
@@ -1537,15 +1537,21 @@ public class TelecomServiceImpl { 
            int callingUid = Binder.getCallingUid();

            int systemUiUid;

            if (mPackageManager != null && mSystemUiPackageName != null) {

                long whosCalling = Binder.clearCallingIdentity();

                try {

                    try {

                        systemUiUid = mPackageManager.getPackageUid(mSystemUiPackageName, 0);

                        Log.i(TAG, "isSysUiUid: callingUid = " + callingUid + "; systemUiUid = "

                                + systemUiUid);

                        return isSameApp(callingUid, systemUiUid);

                    } catch (PackageManager.NameNotFoundException e) {

                    Log.w(TAG, "isSysUiUid: caught PackageManager NameNotFoundException = " + e);

                        Log.w(TAG,

                                "isSysUiUid: caught PackageManager NameNotFoundException = " + e);

                        return false;

                    }

                } finally {

                    Binder.restoreCallingIdentity(whosCalling);

                }

            } else {

                Log.w(TAG, "isSysUiUid: caught null check and returned false; "

                        + "mPackageManager = " + mPackageManager + "; mSystemUiPackageName = "
@@ -3317,13 +3323,9 @@ public class TelecomServiceImpl { 
        try {

            pm = mContext.createContextAsUser(

                    UserHandle.getUserHandleForUid(callingUid), 0).getPackageManager();

        } catch (Exception e) {

            Log.i(this, "callingUidMatchesPackageManagerRecords:"

                    + " createContextAsUser hit exception=[%s]", e.toString());

            return false;

        } finally {

            Binder.restoreCallingIdentity(token);

        }



            // This has to happen inside the scope of the `clearCallingIdentity` block

            // otherwise the caller may fail to call `TelecomManager#endCall`.

            if (pm != null) {

                try {

                    packageUid = pm.getPackageUid(packageName, 0);
@@ -3331,6 +3333,13 @@ public class TelecomServiceImpl { 
                    // packageUid is -1.

                }

            }

        } catch (Exception e) {

            Log.i(this, "callingUidMatchesPackageManagerRecords:"

                    + " createContextAsUser hit exception=[%s]", e.toString());

            return false;

        } finally {

            Binder.restoreCallingIdentity(token);

        }



        if (packageUid != callingUid) {

            Log.i(this, "callingUidMatchesPackageManagerRecords: uid mismatch found for"