Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit efe26996 authored by Tyler Gunn's avatar Tyler Gunn
Browse files

Change security model for TelecomManager#handleCallIntent method. 

Method is used to trampoline call intents to Telecom. Previously the
calling UID was compared to grant access; this assumption was incorrect
as it wouldn't work for work profiles.

Changed to use a telecom-only permission.

Test: Ran Telecom CTS tests and impacted CTS tests.
Test: Manually placed calls using ACTION_CALL intent.
Bug: 117898288
Change-Id: If7097595e901a418ee90f0a1f1b82dc475838425
parent 92f4c353

AndroidManifest.xml

+6 −0
Original line number Diff line number Diff line
@@ -34,6 +34,7 @@ 
    <uses-permission android:name="android.permission.BROADCAST_CALLLOG_INFO" />

    <uses-permission android:name="android.permission.BROADCAST_PHONE_ACCOUNT_REGISTRATION" />

    <uses-permission android:name="android.permission.CALL_PRIVILEGED" />

    <uses-permission android:name="android.permission.HANDLE_CALL_INTENT" />

    <uses-permission android:name="android.permission.INTERACT_ACROSS_USERS" />

    <uses-permission android:name="android.permission.INTERACT_ACROSS_USERS_FULL" />

    <uses-permission android:name="android.permission.MANAGE_USERS" />
@@ -71,6 +72,11 @@ 
            android:label="Process phone account registration"

            android:protectionLevel="signature|system"/>



    <permission

            android:name="android.permission.HANDLE_CALL_INTENT"

            android:label="Protects handling the call intent via the TelecomManager API."

            android:protectionLevel="signature|system"/>



    <application android:label="@string/telecommAppLabel"

            android:icon="@mipmap/ic_launcher_phone"

            android:allowBackup="false"

src/com/android/server/telecom/TelecomServiceImpl.java

+4 −4
Original line number Diff line number Diff line
@@ -79,6 +79,8 @@ public class TelecomServiceImpl { 


    private static final String TIME_LINE_ARG = "timeline";

    private static final int DEFAULT_VIDEO_STATE = -1;

    private static final String PERMISSION_HANDLE_CALL_INTENT =

            "android.permission.HANDLE_CALL_INTENT";



    private final ITelecomService.Stub mBinderImpl = new ITelecomService.Stub() {

        @Override
@@ -1481,12 +1483,10 @@ public class TelecomServiceImpl { 
            try {

                Log.startSession("TSI.hCI");

                synchronized (mLock) {

                    int callingUid = Binder.getCallingUid();

                    mContext.enforceCallingOrSelfPermission(PERMISSION_HANDLE_CALL_INTENT,

                            "handleCallIntent is for internal use only.");



                    long token = Binder.clearCallingIdentity();

                    if (callingUid != Process.myUid()) {

                        throw new SecurityException("handleCallIntent is for Telecom only");

                    }

                    try {

                        Log.i(this, "handleCallIntent: handling call intent");

                        mCallIntentProcessorAdapter.processOutgoingCallIntent(mContext,