Change security model for TelecomManager#handleCallIntent method.
Method is used to trampoline call intents to Telecom. Previously the
calling UID was compared to grant access; this assumption was incorrect
as it wouldn't work for work profiles.
Changed to use a telecom-only permission.
Test: Ran Telecom CTS tests and impacted CTS tests.
Test: Manually placed calls using ACTION_CALL intent.
Bug: 117898288
Change-Id: If7097595e901a418ee90f0a1f1b82dc475838425
diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 17c9698..d3ada02 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -34,6 +34,7 @@
<uses-permission android:name="android.permission.BROADCAST_CALLLOG_INFO" />
<uses-permission android:name="android.permission.BROADCAST_PHONE_ACCOUNT_REGISTRATION" />
<uses-permission android:name="android.permission.CALL_PRIVILEGED" />
+ <uses-permission android:name="android.permission.HANDLE_CALL_INTENT" />
<uses-permission android:name="android.permission.INTERACT_ACROSS_USERS" />
<uses-permission android:name="android.permission.INTERACT_ACROSS_USERS_FULL" />
<uses-permission android:name="android.permission.MANAGE_USERS" />
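Review bot: The added uses-permission entry for android.permission.HANDLE_CALL_INTENT has no comment saying which API it gates, although the commit message ties it to TelecomManager#handleCallIntent. A one-line XML comment above the entry would record that. Since this manifest both requests the permission and defines it in the following hunk, please also confirm that the enforcement call behind handleCallIntent checks this exact permission string; that check is not visible in this file's diff.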
@@ -71,6 +72,11 @@
android:label="Process phone account registration"
android:protectionLevel="signature|system"/>
+ <permission
+ android:name="android.permission.HANDLE_CALL_INTENT"
+ android:label="Protects handling the call intent via the TelecomManager API."
+ android:protectionLevel="signature|system"/>
+
<application android:label="@string/telecommAppLabel"
android:icon="@mipmap/ic_launcher_phone"
android:allowBackup="false"
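Review bot: android:protectionLevel="signature|system" on the new HANDLE_CALL_INTENT permission is broader than the "telecom-only permission" the commit message describes. The system flag allows apps installed on the system image to be granted it even when they are not signed with the declaring package's certificate. If Telecom is the only intended holder, plain "signature" would match the stated intent more closely. Minor: android:label is a hardcoded string rather than a @string resource; this matches the neighbouring permission above it but cannot be localized.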