Fix security vulnerability when register phone accounts. am: 833dd8480a am: 581e22326e am: a0d2781092 am: 275debd2b6
Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/services/Telecomm/+/20028194
Change-Id: Iebea286319202fc163ff973441deaeab4d8f95ab
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/src/com/android/server/telecom/PhoneAccountRegistrar.java b/src/com/android/server/telecom/PhoneAccountRegistrar.java
index ff7c031..19949f5 100644
--- a/src/com/android/server/telecom/PhoneAccountRegistrar.java
+++ b/src/com/android/server/telecom/PhoneAccountRegistrar.java
@@ -50,6 +50,7 @@
import android.text.TextUtils;
import android.util.AtomicFile;
import android.util.Base64;
+import android.util.EventLog;
import android.util.Xml;
// TODO: Needed for move to system service: import com.android.internal.R;
@@ -818,6 +819,7 @@
PhoneAccount oldAccount = getPhoneAccountUnchecked(account.getAccountHandle());
if (oldAccount != null) {
+ enforceSelfManagedAccountUnmodified(account, oldAccount);
mState.accounts.remove(oldAccount);
isEnabled = oldAccount.isEnabled();
Log.i(this, "Modify account: %s", getAccountDiffString(account, oldAccount));
@@ -878,6 +880,19 @@
}
}
+ private void enforceSelfManagedAccountUnmodified(PhoneAccount newAccount,
+ PhoneAccount oldAccount) {
+ if (oldAccount.hasCapabilities(PhoneAccount.CAPABILITY_SELF_MANAGED) &&
+ (!newAccount.hasCapabilities(PhoneAccount.CAPABILITY_SELF_MANAGED))) {
+ EventLog.writeEvent(0x534e4554, "246930197");
+ Log.w(this, "Self-managed phone account %s replaced by a non self-managed one",
+ newAccount.getAccountHandle());
+ throw new IllegalArgumentException("Error, cannot change a self-managed "
+ + "phone account " + newAccount.getAccountHandle()
+ + " to other kinds of phone account");
+ }
+ }
+
/**
* Un-registers all phone accounts associated with a specified package.
*