Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a6a9176d authored by Grace Jia's avatar Grace Jia Committed by Automerger Merge Worker
Browse files

Fix security vulnerability of TelecomManager#getPhoneAccountsForPackage am:... 

Fix security vulnerability of TelecomManager#getPhoneAccountsForPackage am: f3f2d7c2 am: 21bc22a0 am: 0b9f87a4 am: 094c1569 am: 1aadaf8e

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/services/Telecomm/+/12141784

Change-Id: Ic6ed11d4fcde74150029de9f1a6795623d80cf67
parents eca9b5ba 1aadaf8e

src/com/android/server/telecom/TelecomServiceImpl.java

+17 −0
Original line number Original line Diff line number Diff line
@@ -262,6 +262,23 @@ public class TelecomServiceImpl { 




        @Override

        @Override

        public List<PhoneAccountHandle> getPhoneAccountsForPackage(String packageName) {

        public List<PhoneAccountHandle> getPhoneAccountsForPackage(String packageName) {

            //TODO: Deprecate this in S

            try {

                enforceCallingPackage(packageName);

            } catch (SecurityException se1) {

                EventLog.writeEvent(0x534e4554, "153995334", Binder.getCallingUid(),

                        "getPhoneAccountsForPackage: invalid calling package");

                throw se1;

            }



            try {

                enforcePermission(READ_PRIVILEGED_PHONE_STATE);

            } catch (SecurityException se2) {

                EventLog.writeEvent(0x534e4554, "153995334", Binder.getCallingUid(),

                        "getPhoneAccountsForPackage: no permission");

                throw se2;

            }



            synchronized (mLock) {

            synchronized (mLock) {

                final UserHandle callingUserHandle = Binder.getCallingUserHandle();

                final UserHandle callingUserHandle = Binder.getCallingUserHandle();

                long token = Binder.clearCallingIdentity();

                long token = Binder.clearCallingIdentity();