diff options
| author | Grace Jia <xiaotonj@google.com> | 2020-06-18 14:12:56 -0700 |
|---|---|---|
| committer | Anis Assi <anisassi@google.com> | 2020-09-10 13:51:20 -0700 |
| commit | 0bf3b00898526f04fc1a07f676ce247cde360ba6 (patch) | |
| tree | 0f7f8dd1e5c83de081482155ef0b3d11e9757377 | |
| parent | 941cb233faa5473de35c411e2646e2426b891089 (diff) | |
| download | Telecomm-pie-security-release.tar.gz | |
Fix security vulnerability of TelecomManager#getPhoneAccountsForPackageandroid-security-9.0.0_r76android-security-9.0.0_r75android-security-9.0.0_r74android-security-9.0.0_r73android-security-9.0.0_r72android-security-9.0.0_r71android-security-9.0.0_r70android-security-9.0.0_r69android-security-9.0.0_r68android-security-9.0.0_r67android-security-9.0.0_r66android-security-9.0.0_r65android-security-9.0.0_r64android-security-9.0.0_r63android-security-9.0.0_r62pie-security-release
Check calling package and READ_PRIVILEGED_PHONE_STATE to avoid potential
PII expotion.
Bug: 153995334
Test: atest TelecomUnitTests:TelecomServiceImpl
Change-Id: Ie834633dc4031d19af90e922ef0f111c3c8d7cb2
(cherry picked from commit 9d8d0cf3dcf741afe7ed50e60da513a47b0e8d59)
(cherry picked from commit f3f2d7c2dcb558081f02e282078c0c42c5c3e1b1)
| -rw-r--r-- | src/com/android/server/telecom/TelecomServiceImpl.java | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/src/com/android/server/telecom/TelecomServiceImpl.java b/src/com/android/server/telecom/TelecomServiceImpl.java index ded42db9e..0db17643b 100644 --- a/src/com/android/server/telecom/TelecomServiceImpl.java +++ b/src/com/android/server/telecom/TelecomServiceImpl.java @@ -234,6 +234,23 @@ public class TelecomServiceImpl { @Override public List<PhoneAccountHandle> getPhoneAccountsForPackage(String packageName) { + //TODO: Deprecate this in S + try { + enforceCallingPackage(packageName); + } catch (SecurityException se1) { + EventLog.writeEvent(0x534e4554, "153995334", Binder.getCallingUid(), + "getPhoneAccountsForPackage: invalid calling package"); + throw se1; + } + + try { + enforcePermission(READ_PRIVILEGED_PHONE_STATE); + } catch (SecurityException se2) { + EventLog.writeEvent(0x534e4554, "153995334", Binder.getCallingUid(), + "getPhoneAccountsForPackage: no permission"); + throw se2; + } + synchronized (mLock) { final UserHandle callingUserHandle = Binder.getCallingUserHandle(); long token = Binder.clearCallingIdentity(); |