Check calling package before checking permission protection
Using the name of a third-party package targeting a lower API level can
bypass the whole permission check in
TelecomServiceImpl#getCallStateUsingPackage. Check the calling package
first to avoid this.
Bug: 190400974
Test: Unit test, test with debug app
Change-Id: I2b0bfde41f006c2010381a85100ce931366abf57
diff --git a/src/com/android/server/telecom/TelecomServiceImpl.java b/src/com/android/server/telecom/TelecomServiceImpl.java
index 6fb2897..0037aaf 100644
--- a/src/com/android/server/telecom/TelecomServiceImpl.java
+++ b/src/com/android/server/telecom/TelecomServiceImpl.java
@@ -948,6 +948,7 @@
public int getCallStateUsingPackage(String callingPackage, String callingFeatureId) {
try {
Log.startSession("TSI.getCallStateUsingPackage");
+ enforceCallingPackage(callingPackage);
if (CompatChanges.isChangeEnabled(
TelecomManager.ENABLE_GET_CALL_STATE_PERMISSION_PROTECTION, callingPackage,
Binder.getCallingUserHandle())) {