Merge "Check calling package for calling UID consistency with phoneAccountHandle"
diff --git a/src/com/android/server/telecom/TelecomServiceImpl.java b/src/com/android/server/telecom/TelecomServiceImpl.java
index e9b760a..d17bba2 100644
--- a/src/com/android/server/telecom/TelecomServiceImpl.java
+++ b/src/com/android/server/telecom/TelecomServiceImpl.java
@@ -1695,10 +1695,14 @@
* @see android.telecom.TelecomManager#isIncomingCallPermitted(PhoneAccountHandle)
*/
@Override
- public boolean isIncomingCallPermitted(PhoneAccountHandle phoneAccountHandle) {
+ public boolean isIncomingCallPermitted(PhoneAccountHandle phoneAccountHandle,
+ String callingPackage) {
+ Log.startSession("TSI.iICP");
try {
- Log.startSession("TSI.iICP");
+ enforceCallingPackage(callingPackage);
+ enforcePhoneAccountHandleMatchesCaller(phoneAccountHandle, callingPackage);
enforcePermission(android.Manifest.permission.MANAGE_OWN_CALLS);
+ enforceUserHandleMatchesCaller(phoneAccountHandle);
synchronized (mLock) {
long token = Binder.clearCallingIdentity();
try {
@@ -1716,10 +1720,14 @@
* @see android.telecom.TelecomManager#isOutgoingCallPermitted(PhoneAccountHandle)
*/
@Override
- public boolean isOutgoingCallPermitted(PhoneAccountHandle phoneAccountHandle) {
+ public boolean isOutgoingCallPermitted(PhoneAccountHandle phoneAccountHandle,
+ String callingPackage) {
+ Log.startSession("TSI.iOCP");
try {
- Log.startSession("TSI.iOCP");
+ enforceCallingPackage(callingPackage);
+ enforcePhoneAccountHandleMatchesCaller(phoneAccountHandle, callingPackage);
enforcePermission(android.Manifest.permission.MANAGE_OWN_CALLS);
+ enforceUserHandleMatchesCaller(phoneAccountHandle);
synchronized (mLock) {
long token = Binder.clearCallingIdentity();
try {
@@ -2280,6 +2288,13 @@
}
}
+ private void enforcePhoneAccountHandleMatchesCaller(PhoneAccountHandle phoneAccountHandle,
+ String callingPackage) {
+ if (!callingPackage.equals(phoneAccountHandle.getComponentName().getPackageName())) {
+ throw new SecurityException("Caller does not own the PhoneAccountHandle");
+ }
+ }
+
private void enforceCrossUserPermission(int callingUid) {
if (callingUid != Process.SYSTEM_UID && callingUid != 0) {
mContext.enforceCallingOrSelfPermission(
diff --git a/tests/src/com/android/server/telecom/tests/BasicCallTests.java b/tests/src/com/android/server/telecom/tests/BasicCallTests.java
index 6d47c2a..b695f32 100644
--- a/tests/src/com/android/server/telecom/tests/BasicCallTests.java
+++ b/tests/src/com/android/server/telecom/tests/BasicCallTests.java
@@ -1035,7 +1035,9 @@
@Test
public void testIsOutgoingCallPermitted() throws Exception {
assertTrue(mTelecomSystem.getTelecomServiceImpl().getBinder()
- .isOutgoingCallPermitted(mPhoneAccountSelfManaged.getAccountHandle()));
+ .isOutgoingCallPermitted(mPhoneAccountSelfManaged.getAccountHandle(),
+ mPhoneAccountSelfManaged.getAccountHandle().getComponentName()
+ .getPackageName()));
}
/**
@@ -1052,7 +1054,9 @@
assertEquals(Call.STATE_ACTIVE, mInCallServiceFixtureX.getCall(ids.mCallId).getState());
assertTrue(mTelecomSystem.getTelecomServiceImpl().getBinder()
- .isOutgoingCallPermitted(mPhoneAccountSelfManaged.getAccountHandle()));
+ .isOutgoingCallPermitted(mPhoneAccountSelfManaged.getAccountHandle(),
+ mPhoneAccountSelfManaged.getAccountHandle().getComponentName()
+ .getPackageName()));
}
/**
@@ -1070,7 +1074,9 @@
assertEquals(Call.STATE_ACTIVE, mInCallServiceFixtureX.getCall(ids.mCallId).getState());
assertTrue(mTelecomSystem.getTelecomServiceImpl().getBinder()
- .isOutgoingCallPermitted(mPhoneAccountSelfManaged.getAccountHandle()));
+ .isOutgoingCallPermitted(mPhoneAccountSelfManaged.getAccountHandle(),
+ mPhoneAccountSelfManaged.getAccountHandle().getComponentName()
+ .getPackageName()));
}
/**