diff options
author | android-build-team Robot <android-build-team-robot@google.com> | 2017-05-21 08:26:55 +0000 |
---|---|---|
committer | android-build-team Robot <android-build-team-robot@google.com> | 2017-05-21 08:26:55 +0000 |
commit | daba79e476afb94a994ae81cbca024514d0abdc9 (patch) | |
tree | 2848985ded55bccb6cebe34aff6264660e0eec1c | |
parent | 0d6d571eaa123ac51a4ce7cba7889d86f42f0cae (diff) | |
parent | 1172a0112f3641d1a73681fe6a0bdeef3455bc6c (diff) | |
download | Telecomm-daba79e476afb94a994ae81cbca024514d0abdc9.tar.gz |
release-request-c72e46fd-06a9-4104-bad3-f7ba8aeb3e1d-for-git_oc-release-4029917 snap-temp-L38800000066299680
Change-Id: I9d9484fe25fed516a361a0e3ea24a04184fe665e
-rw-r--r-- | src/com/android/server/telecom/TelecomServiceImpl.java | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/src/com/android/server/telecom/TelecomServiceImpl.java b/src/com/android/server/telecom/TelecomServiceImpl.java index b1ba74498..ba991a83e 100644 --- a/src/com/android/server/telecom/TelecomServiceImpl.java +++ b/src/com/android/server/telecom/TelecomServiceImpl.java @@ -994,6 +994,10 @@ public class TelecomServiceImpl { android.Manifest.permission.MANAGE_OWN_CALLS, "Self-managed phone accounts must have MANAGE_OWN_CALLS " + "permission."); + + // Self-managed ConnectionServices can ONLY add new incoming calls + // using their own PhoneAccounts. The checkPackage(..) app opps + // check above ensures this. } } long token = Binder.clearCallingIdentity(); @@ -1084,6 +1088,16 @@ public class TelecomServiceImpl { if (isSelfManaged) { mContext.enforceCallingOrSelfPermission(Manifest.permission.MANAGE_OWN_CALLS, "Self-managed ConnectionServices require MANAGE_OWN_CALLS permission."); + + if (!callingPackage.equals( + phoneAccountHandle.getComponentName().getPackageName()) + && !canCallPhone(callingPackage, + "CALL_PHONE permission required to place calls.")) { + // The caller is not allowed to place calls, so we want to ensure that it + // can only place calls through itself. + throw new SecurityException("Self-managed ConnectionServices can only " + + "place calls through their own ConnectionService."); + } } else if (!canCallPhone(callingPackage, "placeCall")) { throw new SecurityException("Package " + callingPackage + " is not allowed to place phone calls"); |