Change security model for TelecomManager#handleCallIntent method.

Method is used to trampoline call intents to Telecom. Previously access
was granted by comparing the calling UID with the UID of the Telecom
process; this assumption was incorrect as it wouldn't work for work profiles.

Changed to use a telecom-only permission.

Test: Ran Telecom CTS tests and impacted CTS tests.
Test: Manually placed calls using ACTION_CALL intent.
Bug: 117898288
Change-Id: If7097595e901a418ee90f0a1f1b82dc475838425
diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 17c9698..d3ada02 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -34,6 +34,7 @@
     <uses-permission android:name="android.permission.BROADCAST_CALLLOG_INFO" />
     <uses-permission android:name="android.permission.BROADCAST_PHONE_ACCOUNT_REGISTRATION" />
     <uses-permission android:name="android.permission.CALL_PRIVILEGED" />
+    <uses-permission android:name="android.permission.HANDLE_CALL_INTENT" />
     <uses-permission android:name="android.permission.INTERACT_ACROSS_USERS" />
     <uses-permission android:name="android.permission.INTERACT_ACROSS_USERS_FULL" />
     <uses-permission android:name="android.permission.MANAGE_USERS" />
@@ -71,6 +72,11 @@
             android:label="Process phone account registration"
             android:protectionLevel="signature|system"/>
 
+    <permission
+            android:name="android.permission.HANDLE_CALL_INTENT"
+            android:label="Protects handling the call intent via the TelecomManager API."
+            android:protectionLevel="signature|system"/>
+
     <application android:label="@string/telecommAppLabel"
             android:icon="@mipmap/ic_launcher_phone"
             android:allowBackup="false"
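Review bot: The new `android.permission.HANDLE_CALL_INTENT` declaration uses `android:protectionLevel="signature|system"`, which is wider than the "telecom-only" permission the commit message describes. Besides packages signed with the same certificate as the declaring package, the `system` flag also allows privileged system-image apps that request the permission to be granted it. Since the service-side check in TelecomServiceImpl.java now rests on this permission alone, consider `android:protectionLevel="signature"` unless a differently signed privileged caller is known to need it. A comment above the element, for example `<!-- Guards TelecomManager#handleCallIntent; internal to Telecom, not for other apps. -->`, would record the intended holders.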
diff --git a/src/com/android/server/telecom/TelecomServiceImpl.java b/src/com/android/server/telecom/TelecomServiceImpl.java
index ab36585..c775931 100644
--- a/src/com/android/server/telecom/TelecomServiceImpl.java
+++ b/src/com/android/server/telecom/TelecomServiceImpl.java
@@ -79,6 +79,8 @@
 
     private static final String TIME_LINE_ARG = "timeline";
     private static final int DEFAULT_VIDEO_STATE = -1;
+    private static final String PERMISSION_HANDLE_CALL_INTENT =
+            "android.permission.HANDLE_CALL_INTENT";
 
     private final ITelecomService.Stub mBinderImpl = new ITelecomService.Stub() {
         @Override
@@ -1481,12 +1483,10 @@
             try {
                 Log.startSession("TSI.hCI");
                 synchronized (mLock) {
-                    int callingUid = Binder.getCallingUid();
+                    mContext.enforceCallingOrSelfPermission(PERMISSION_HANDLE_CALL_INTENT,
+                            "handleCallIntent is for internal use only.");
 
                     long token = Binder.clearCallingIdentity();
-                    if (callingUid != Process.myUid()) {
-                        throw new SecurityException("handleCallIntent is for Telecom only");
-                    }
                     try {
                         Log.i(this, "handleCallIntent: handling call intent");
                         mCallIntentProcessorAdapter.processOutgoingCallIntent(mContext,
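Review bot: `mContext.enforceCallingOrSelfPermission(...)` runs only after `synchronized (mLock)` has been entered, so a caller without HANDLE_CALL_INTENT still acquires the Telecom lock before it is rejected. Moving the enforcement above the `synchronized` block, directly after `Log.startSession("TSI.hCI");`, would reject unauthorised binder calls without contending on `mLock`. The `OrSelf` variant presumably also passes for calls made from Telecom's own process, since the manifest requests the permission for Telecom itself. After `Binder.clearCallingIdentity()` the intent is processed under Telecom's identity, so its contents are trusted on the strength of this one check; a comment such as `// Caller must hold HANDLE_CALL_INTENT; the intent is trusted past this point.` would make that explicit. The method body starts and ends outside this hunk.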