Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ce3216cb authored by Grace Jia's avatar Grace Jia
Browse files

Fix security vulnerability when register phone accounts. 

Currently if the registered self-managed phone account updated to a call
provider phone account, the enable state will be directly copied to the
updated one so that malicious app can perform call spoofing attack
without any permission requirements. Fix this by disallowing change a
self-managed phone account to a managed phone account.

Bug: 246930197
Test: CtsTelecomTestCases:SelfManagedConnectionSreviceTest
Change-Id: I8f7984cd491632b3219133044438b82ca4dec80e
Merged-In: I8f7984cd491632b3219133044438b82ca4dec80e
parent 9189ed22

src/com/android/server/telecom/PhoneAccountRegistrar.java

+15 −0
Original line number Original line Diff line number Diff line
@@ -50,6 +50,7 @@ import android.telephony.TelephonyManager; 
import android.text.TextUtils;

import android.text.TextUtils;

import android.util.AtomicFile;

import android.util.AtomicFile;

import android.util.Base64;

import android.util.Base64;

import android.util.EventLog;

import android.util.Xml;

import android.util.Xml;





// TODO: Needed for move to system service: import com.android.internal.R;

// TODO: Needed for move to system service: import com.android.internal.R;
@@ -818,6 +819,7 @@ public class PhoneAccountRegistrar { 




        PhoneAccount oldAccount = getPhoneAccountUnchecked(account.getAccountHandle());

        PhoneAccount oldAccount = getPhoneAccountUnchecked(account.getAccountHandle());

        if (oldAccount != null) {

        if (oldAccount != null) {

            enforceSelfManagedAccountUnmodified(account, oldAccount);

            mState.accounts.remove(oldAccount);

            mState.accounts.remove(oldAccount);

            isEnabled = oldAccount.isEnabled();

            isEnabled = oldAccount.isEnabled();

            Log.i(this, "Modify account: %s", getAccountDiffString(account, oldAccount));

            Log.i(this, "Modify account: %s", getAccountDiffString(account, oldAccount));
@@ -878,6 +880,19 @@ public class PhoneAccountRegistrar { 
        }

        }

    }

    }





    private void enforceSelfManagedAccountUnmodified(PhoneAccount newAccount,

            PhoneAccount oldAccount) {

        if (oldAccount.hasCapabilities(PhoneAccount.CAPABILITY_SELF_MANAGED) &&

                (!newAccount.hasCapabilities(PhoneAccount.CAPABILITY_SELF_MANAGED))) {

            EventLog.writeEvent(0x534e4554, "246930197");

            Log.w(this, "Self-managed phone account %s replaced by a non self-managed one",

                    newAccount.getAccountHandle());

            throw new IllegalArgumentException("Error, cannot change a self-managed "

                    + "phone account " + newAccount.getAccountHandle()

                    + " to other kinds of phone account");

        }

    }



    /**

    /**

     * Un-registers all phone accounts associated with a specified package.

     * Un-registers all phone accounts associated with a specified package.

     *

     *