Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Unverified Commit cd72a7ca authored by Kevin F. Haggerty's avatar Kevin F. Haggerty
Browse files

Merge tag 'android-security-8.1.0_r82' into staging/lineage-15.1_merge-android-security-8.1.0_r82 

Android security 8.1.0 release 82

* tag 'android-security-8.1.0_r82':
  Fix security vulnerability of TelecomManager#getPhoneAccountsForPackage
  Add flag to default dialer change dialog

Change-Id: I311f6979f0637a9b70fcea43a7837abc89e7aec9
parents 29f08ff5 db9ffaad

src/com/android/server/telecom/TelecomServiceImpl.java

+17 −0
Original line number Diff line number Diff line
@@ -233,6 +233,23 @@ public class TelecomServiceImpl { 


        @Override

        public List<PhoneAccountHandle> getPhoneAccountsForPackage(String packageName) {

            //TODO: Deprecate this in S

            try {

                enforceCallingPackage(packageName);

            } catch (SecurityException se1) {

                EventLog.writeEvent(0x534e4554, "153995334", Binder.getCallingUid(),

                        "getPhoneAccountsForPackage: invalid calling package");

                throw se1;

            }



            try {

                enforcePermission(READ_PRIVILEGED_PHONE_STATE);

            } catch (SecurityException se2) {

                EventLog.writeEvent(0x534e4554, "153995334", Binder.getCallingUid(),

                        "getPhoneAccountsForPackage: no permission");

                throw se2;

            }



            synchronized (mLock) {

                final UserHandle callingUserHandle = Binder.getCallingUserHandle();

                long token = Binder.clearCallingIdentity();