release-request-c72e46fd-06a9-4104-bad3-f7ba8aeb3e1d-for-git_oc-release-4029917 snap-temp-L38800000066299680

Change-Id: I9d9484fe25fed516a361a0e3ea24a04184fe665e
author: android-build-team Robot <android-build-team-robot@google.com> 2017-05-21 08:26:55 +0000
committer: android-build-team Robot <android-build-team-robot@google.com> 2017-05-21 08:26:55 +0000
commit: daba79e476afb94a994ae81cbca024514d0abdc9 (patch)
tree: 2848985ded55bccb6cebe34aff6264660e0eec1c
parent: 0d6d571eaa123ac51a4ce7cba7889d86f42f0cae (diff)
parent: 1172a0112f3641d1a73681fe6a0bdeef3455bc6c (diff)
download: Telecomm-daba79e476afb94a994ae81cbca024514d0abdc9.tar.gz
1 files changed, 14 insertions, 0 deletions
diff --git a/src/com/android/server/telecom/TelecomServiceImpl.java b/src/com/android/server/telecom/TelecomServiceImpl.java
index b1ba74498..ba991a83e 100644
--- a/src/com/android/server/telecom/TelecomServiceImpl.java
+++ b/src/com/android/server/telecom/TelecomServiceImpl.java
@@ -994,6 +994,10 @@ public class TelecomServiceImpl {
                                         android.Manifest.permission.MANAGE_OWN_CALLS,
                                         "Self-managed phone accounts must have MANAGE_OWN_CALLS " +
                                                 "permission.");
+
+                                // Self-managed ConnectionServices can ONLY add new incoming calls
+                                // using their own PhoneAccounts.  The checkPackage(..) app opps
+                                // check above ensures this.
                             }
                         }
                         long token = Binder.clearCallingIdentity();
@@ -1084,6 +1088,16 @@ public class TelecomServiceImpl {
                 if (isSelfManaged) {
                     mContext.enforceCallingOrSelfPermission(Manifest.permission.MANAGE_OWN_CALLS,
                             "Self-managed ConnectionServices require MANAGE_OWN_CALLS permission.");
+
+                    if (!callingPackage.equals(
+                            phoneAccountHandle.getComponentName().getPackageName())
+                            && !canCallPhone(callingPackage,
+                            "CALL_PHONE permission required to place calls.")) {
+                        // The caller is not allowed to place calls, so we want to ensure that it
+                        // can only place calls through itself.
+                        throw new SecurityException("Self-managed ConnectionServices can only "
+                                + "place calls through their own ConnectionService.");
+                    }
                 } else if (!canCallPhone(callingPackage, "placeCall")) {
                     throw new SecurityException("Package " + callingPackage
                             + " is not allowed to place phone calls");
author	android-build-team Robot <android-build-team-robot@google.com>	2017-05-21 08:26:55 +0000
committer	android-build-team Robot <android-build-team-robot@google.com>	2017-05-21 08:26:55 +0000
commit	daba79e476afb94a994ae81cbca024514d0abdc9 (patch)
tree	2848985ded55bccb6cebe34aff6264660e0eec1c
parent	0d6d571eaa123ac51a4ce7cba7889d86f42f0cae (diff)
parent	1172a0112f3641d1a73681fe6a0bdeef3455bc6c (diff)
download	Telecomm-daba79e476afb94a994ae81cbca024514d0abdc9.tar.gz