Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit cc6243dc authored by Grace Jia's avatar Grace Jia Committed by Automerger Merge Worker
Browse files

Fix security vulnerability when register phone accounts. am: 833dd848 am:... 

Fix security vulnerability when register phone accounts. am: 833dd848 am: 581e2232 am: a0d27810 am: 275debd2 am: cf69b113

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/services/Telecomm/+/20028194



Change-Id: I8b47a74231c9a3ec8ca76dbd7c53f289090c1691
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 16efae2f cf69b113

src/com/android/server/telecom/PhoneAccountRegistrar.java

+15 −0
Original line number Diff line number Diff line
@@ -50,6 +50,7 @@ import android.telephony.TelephonyManager; 
import android.text.TextUtils;

import android.util.AtomicFile;

import android.util.Base64;

import android.util.EventLog;

import android.util.Xml;



// TODO: Needed for move to system service: import com.android.internal.R;
@@ -818,6 +819,7 @@ public class PhoneAccountRegistrar { 


        PhoneAccount oldAccount = getPhoneAccountUnchecked(account.getAccountHandle());

        if (oldAccount != null) {

            enforceSelfManagedAccountUnmodified(account, oldAccount);

            mState.accounts.remove(oldAccount);

            isEnabled = oldAccount.isEnabled();

            Log.i(this, "Modify account: %s", getAccountDiffString(account, oldAccount));
@@ -878,6 +880,19 @@ public class PhoneAccountRegistrar { 
        }

    }



    private void enforceSelfManagedAccountUnmodified(PhoneAccount newAccount,

            PhoneAccount oldAccount) {

        if (oldAccount.hasCapabilities(PhoneAccount.CAPABILITY_SELF_MANAGED) &&

                (!newAccount.hasCapabilities(PhoneAccount.CAPABILITY_SELF_MANAGED))) {

            EventLog.writeEvent(0x534e4554, "246930197");

            Log.w(this, "Self-managed phone account %s replaced by a non self-managed one",

                    newAccount.getAccountHandle());

            throw new IllegalArgumentException("Error, cannot change a self-managed "

                    + "phone account " + newAccount.getAccountHandle()

                    + " to other kinds of phone account");

        }

    }



    /**

     * Un-registers all phone accounts associated with a specified package.

     *