From ce3216cbde1a2f0a7912f027aeb0c30316613116 Mon Sep 17 00:00:00 2001
From: Grace Jia <xiaotonj@google.com>
Date: Thu, 22 Sep 2022 14:20:57 -0700
Subject: Fix security vulnerability when register phone accounts.

Currently if the registered self-managed phone account updated to a call
provider phone account, the enable state will be directly copied to the
updated one so that malicious app can perform call spoofing attack
without any permission requirements. Fix this by disallowing change a
self-managed phone account to a managed phone account.

Bug: 246930197
Test: CtsTelecomTestCases:SelfManagedConnectionSreviceTest
Change-Id: I8f7984cd491632b3219133044438b82ca4dec80e
Merged-In: I8f7984cd491632b3219133044438b82ca4dec80e
---
 src/com/android/server/telecom/PhoneAccountRegistrar.java | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/com/android/server/telecom/PhoneAccountRegistrar.java b/src/com/android/server/telecom/PhoneAccountRegistrar.java
index ff7c03148..19949f59f 100644
--- a/src/com/android/server/telecom/PhoneAccountRegistrar.java
+++ b/src/com/android/server/telecom/PhoneAccountRegistrar.java
@@ -50,6 +50,7 @@ import android.telephony.TelephonyManager;
 import android.text.TextUtils;
 import android.util.AtomicFile;
 import android.util.Base64;
+import android.util.EventLog;
 import android.util.Xml;
 
 // TODO: Needed for move to system service: import com.android.internal.R;
@@ -818,6 +819,7 @@ public class PhoneAccountRegistrar {
 
         PhoneAccount oldAccount = getPhoneAccountUnchecked(account.getAccountHandle());
         if (oldAccount != null) {
+            enforceSelfManagedAccountUnmodified(account, oldAccount);
             mState.accounts.remove(oldAccount);
             isEnabled = oldAccount.isEnabled();
             Log.i(this, "Modify account: %s", getAccountDiffString(account, oldAccount));
@@ -878,6 +880,19 @@ public class PhoneAccountRegistrar {
         }
     }
 
+    private void enforceSelfManagedAccountUnmodified(PhoneAccount newAccount,
+            PhoneAccount oldAccount) {
+        if (oldAccount.hasCapabilities(PhoneAccount.CAPABILITY_SELF_MANAGED) &&
+                (!newAccount.hasCapabilities(PhoneAccount.CAPABILITY_SELF_MANAGED))) {
+            EventLog.writeEvent(0x534e4554, "246930197");
+            Log.w(this, "Self-managed phone account %s replaced by a non self-managed one",
+                    newAccount.getAccountHandle());
+            throw new IllegalArgumentException("Error, cannot change a self-managed "
+                    + "phone account " + newAccount.getAccountHandle()
+                    + " to other kinds of phone account");
+        }
+    }
+
     /**
      * Un-registers all phone accounts associated with a specified package.
      *
-- 
cgit v1.2.3


From 833dd8480adc773e36d388521a14fd8cd11d6a30 Mon Sep 17 00:00:00 2001
From: Grace Jia <xiaotonj@google.com>
Date: Thu, 22 Sep 2022 14:20:57 -0700
Subject: Fix security vulnerability when register phone accounts.

Currently if the registered self-managed phone account updated to a call
provider phone account, the enable state will be directly copied to the
updated one so that malicious app can perform call spoofing attack
without any permission requirements. Fix this by disallowing change a
self-managed phone account to a managed phone account.

Bug: 246930197
Test: CtsTelecomTestCases:SelfManagedConnectionSreviceTest
Change-Id: I8f7984cd491632b3219133044438b82ca4dec80e
Merged-In: I8f7984cd491632b3219133044438b82ca4dec80e
---
 src/com/android/server/telecom/PhoneAccountRegistrar.java | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/com/android/server/telecom/PhoneAccountRegistrar.java b/src/com/android/server/telecom/PhoneAccountRegistrar.java
index 16eaa97c5..13b176c25 100644
--- a/src/com/android/server/telecom/PhoneAccountRegistrar.java
+++ b/src/com/android/server/telecom/PhoneAccountRegistrar.java
@@ -49,6 +49,7 @@ import android.telephony.TelephonyManager;
 import android.text.TextUtils;
 import android.util.AtomicFile;
 import android.util.Base64;
+import android.util.EventLog;
 import android.util.Xml;
 
 // TODO: Needed for move to system service: import com.android.internal.R;
@@ -787,6 +788,7 @@ public class PhoneAccountRegistrar {
 
         PhoneAccount oldAccount = getPhoneAccountUnchecked(account.getAccountHandle());
         if (oldAccount != null) {
+            enforceSelfManagedAccountUnmodified(account, oldAccount);
             mState.accounts.remove(oldAccount);
             isEnabled = oldAccount.isEnabled();
             Log.i(this, "Modify account: %s", getAccountDiffString(account, oldAccount));
@@ -847,6 +849,19 @@ public class PhoneAccountRegistrar {
         }
     }
 
+    private void enforceSelfManagedAccountUnmodified(PhoneAccount newAccount,
+            PhoneAccount oldAccount) {
+        if (oldAccount.hasCapabilities(PhoneAccount.CAPABILITY_SELF_MANAGED) &&
+                (!newAccount.hasCapabilities(PhoneAccount.CAPABILITY_SELF_MANAGED))) {
+            EventLog.writeEvent(0x534e4554, "246930197");
+            Log.w(this, "Self-managed phone account %s replaced by a non self-managed one",
+                    newAccount.getAccountHandle());
+            throw new IllegalArgumentException("Error, cannot change a self-managed "
+                    + "phone account " + newAccount.getAccountHandle()
+                    + " to other kinds of phone account");
+        }
+    }
+
     /**
      * Un-registers all phone accounts associated with a specified package.
      *
-- 
cgit v1.2.3


From d6e319ed7d239242a43ee09fd42d5cb05593042f Mon Sep 17 00:00:00 2001
From: Bill Yi <byi@google.com>
Date: Wed, 16 Nov 2022 02:13:41 -0800
Subject: Import translations. DO NOT MERGE ANYWHERE

Auto-generated-cl: translation import
Change-Id: Idce9e9f850c4f18c2d97ae9219fb9b5b3ce0c5ec
---
 res/values-en-rCA/strings.xml | 24 ++++++++++++------------
 res/values-es-rUS/strings.xml |  2 +-
 2 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/res/values-en-rCA/strings.xml b/res/values-en-rCA/strings.xml
index cef6db56d..2e2f05f3a 100644
--- a/res/values-en-rCA/strings.xml
+++ b/res/values-en-rCA/strings.xml
@@ -16,7 +16,7 @@
 
 <resources xmlns:android="http://schemas.android.com/apk/res/android"
     xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
-    <string name="telecommAppLabel" product="default" msgid="1825598513414129827">"Phone calls"</string>
+    <string name="telecommAppLabel" product="default" msgid="1825598513414129827">"Phone Calls"</string>
     <string name="userCallActivityLabel" product="default" msgid="3605391260292846248">"Phone"</string>
     <string name="unknown" msgid="6993977514360123431">"Unknown"</string>
     <string name="notification_missedCallTitle" msgid="5060387047205532974">"Missed call"</string>
@@ -35,8 +35,8 @@
     <string name="notification_incallservice_not_responding_body" msgid="9209308270131968623">"Your call used the phone app that came with your device"</string>
     <string name="accessibility_call_muted" msgid="2968461092554300779">"Call muted."</string>
     <string name="accessibility_speakerphone_enabled" msgid="555386652061614267">"Speakerphone enabled."</string>
-    <string name="respond_via_sms_canned_response_1" msgid="6332561460870382561">"I am so sorry, I can\'t answer the phone right now. How can I help you?"</string>
-    <string name="respond_via_sms_canned_response_2" msgid="2052951316129952406">"I\'ll call you back."</string>
+    <string name="respond_via_sms_canned_response_1" msgid="6332561460870382561">"Can\'t talk now. What\'s up?"</string>
+    <string name="respond_via_sms_canned_response_2" msgid="2052951316129952406">"I\'ll call you right back."</string>
     <string name="respond_via_sms_canned_response_3" msgid="6656147963478092035">"I\'ll call you later."</string>
     <string name="respond_via_sms_canned_response_4" msgid="9141132488345561047">"Can\'t talk now. Call me later?"</string>
     <string name="respond_via_sms_setting_title" msgid="4762275482898830160">"Quick responses"</string>
@@ -47,7 +47,7 @@
     <string name="respond_via_sms_failure_format" msgid="5198680980054596391">"Message failed to send to <xliff:g id="PHONE_NUMBER">%s</xliff:g>."</string>
     <string name="enable_account_preference_title" msgid="6949224486748457976">"Calling accounts"</string>
     <string name="outgoing_call_not_allowed_user_restriction" msgid="3424338207838851646">"Only emergency calls are allowed."</string>
-    <string name="outgoing_call_not_allowed_no_permission" msgid="8590468836581488679">"This application cannot make outgoing calls without Phone permission."</string>
+    <string name="outgoing_call_not_allowed_no_permission" msgid="8590468836581488679">"This application cannot make outgoing calls without the Phone permission."</string>
     <string name="outgoing_call_error_no_phone_number_supplied" msgid="7665135102566099778">"To place a call, enter a valid number."</string>
     <string name="duplicate_video_call_not_allowed" msgid="5754746140185781159">"Call cannot be added at this time."</string>
     <string name="no_vm_number" msgid="2179959110602180844">"Missing voicemail number"</string>
@@ -56,10 +56,10 @@
     <string name="change_default_dialer_dialog_title" msgid="5861469279421508060">"Make <xliff:g id="NEW_APP">%s</xliff:g> your default Phone app?"</string>
     <string name="change_default_dialer_dialog_affirmative" msgid="8604665314757739550">"Set Default"</string>
     <string name="change_default_dialer_dialog_negative" msgid="8648669840052697821">"Cancel"</string>
-    <string name="change_default_dialer_warning_message" msgid="8461963987376916114">"<xliff:g id="NEW_APP">%s</xliff:g> will be able to place and control all aspects of calls. Only apps that you trust should be set as the default Phone app."</string>
+    <string name="change_default_dialer_warning_message" msgid="8461963987376916114">"<xliff:g id="NEW_APP">%s</xliff:g> will be able to place and control all aspects of calls. Only apps you trust should be set as the default Phone app."</string>
     <string name="change_default_call_screening_dialog_title" msgid="5365787219927262408">"Make <xliff:g id="NEW_APP">%s</xliff:g> your default call screening app?"</string>
     <string name="change_default_call_screening_warning_message_for_disable_old_app" msgid="2039830033533243164">"<xliff:g id="OLD_APP">%s</xliff:g> will no longer be able to screen calls."</string>
-    <string name="change_default_call_screening_warning_message" msgid="9020537562292754269">"<xliff:g id="NEW_APP">%s</xliff:g> will be able to see information about callers not in your contacts and will be able to block these calls. Only apps that you trust should be set as the default call screening app."</string>
+    <string name="change_default_call_screening_warning_message" msgid="9020537562292754269">"<xliff:g id="NEW_APP">%s</xliff:g> will be able to see information about callers not in your contacts and will be able to block these calls. Only apps you trust should be set as the default call screening app."</string>
     <string name="change_default_call_screening_dialog_affirmative" msgid="7162433828280058647">"Set Default"</string>
     <string name="change_default_call_screening_dialog_negative" msgid="1839266125623106342">"Cancel"</string>
     <string name="blocked_numbers" msgid="8322134197039865180">"Blocked numbers"</string>
@@ -73,13 +73,13 @@
     <string name="non_primary_user" msgid="315564589279622098">"Only the device owner can view and manage blocked numbers."</string>
     <string name="delete_icon_description" msgid="5335959254954774373">"Unblock"</string>
     <string name="blocked_numbers_butter_bar_title" msgid="582982373755950791">"Blocking temporarily off"</string>
-    <string name="blocked_numbers_butter_bar_body" msgid="1261213114919301485">"When you dial or text an emergency number, blocking is turned off to ensure that emergency services can contact you."</string>
+    <string name="blocked_numbers_butter_bar_body" msgid="1261213114919301485">"After you dial or text an emergency number, blocking is turned off to ensure that emergency services can contact you."</string>
     <string name="blocked_numbers_butter_bar_button" msgid="2704456308072489793">"Re-enable now"</string>
     <string name="blocked_numbers_number_blocked_message" msgid="4314736791180919167">"<xliff:g id="BLOCKED_NUMBER">%1$s</xliff:g> blocked"</string>
     <string name="blocked_numbers_number_unblocked_message" msgid="2933071624674945601">"<xliff:g id="UNBLOCKED_NUMBER">%1$s</xliff:g> unblocked"</string>
     <string name="blocked_numbers_block_emergency_number_message" msgid="4198550501500893890">"Unable to block emergency number."</string>
     <string name="blocked_numbers_number_already_blocked_message" msgid="2301270825735665458">"<xliff:g id="BLOCKED_NUMBER">%1$s</xliff:g> is already blocked."</string>
-    <string name="toast_personal_call_msg" msgid="5817631570381795610">"Using the personal dialler to make the call"</string>
+    <string name="toast_personal_call_msg" msgid="5817631570381795610">"Using the personal dialer to make the call"</string>
     <string name="notification_incoming_call" msgid="1233481138362230894">"<xliff:g id="CALL_VIA">%1$s</xliff:g> call from <xliff:g id="CALL_FROM">%2$s</xliff:g>"</string>
     <string name="notification_incoming_video_call" msgid="5795968314037063900">"<xliff:g id="CALL_VIA">%1$s</xliff:g> video call from <xliff:g id="CALL_FROM">%2$s</xliff:g>"</string>
     <string name="answering_ends_other_call" msgid="8653544281903986641">"Answering will end your <xliff:g id="CALL_VIA">%1$s</xliff:g> call"</string>
@@ -90,7 +90,7 @@
     <string name="answering_ends_other_managed_video_call" msgid="1988508241432031327">"Answering will end your ongoing video call"</string>
     <string name="answer_incoming_call" msgid="2045888814782215326">"Answer"</string>
     <string name="decline_incoming_call" msgid="922147089348451310">"Decline"</string>
-    <string name="cant_call_due_to_no_supported_service" msgid="1635626384149947077">"Call cannot be placed because there are no calling accounts that support calls of this type."</string>
+    <string name="cant_call_due_to_no_supported_service" msgid="1635626384149947077">"Call cannot be placed because there are no calling accounts which support calls of this type."</string>
     <string name="cant_call_due_to_ongoing_call" msgid="8004235328451385493">"Call cannot be placed due to your <xliff:g id="OTHER_CALL">%1$s</xliff:g> call."</string>
     <string name="cant_call_due_to_ongoing_calls" msgid="6379163795277824868">"Call cannot be placed due to your <xliff:g id="OTHER_CALL">%1$s</xliff:g> calls."</string>
     <string name="cant_call_due_to_ongoing_unknown_call" msgid="8243532328969433172">"Call cannot be placed due to a call in another app."</string>
@@ -101,7 +101,7 @@
     <string name="notification_channel_disconnected_calls" msgid="8228636543997645757">"Disconnected calls"</string>
     <string name="notification_channel_in_call_service_crash" msgid="7313237519166984267">"Crashed phone apps"</string>
     <string name="alert_outgoing_call" msgid="5319895109298927431">"Placing this call will end your <xliff:g id="OTHER_APP">%1$s</xliff:g> call."</string>
-    <string name="alert_redirect_outgoing_call_or_not" msgid="665409645789521636">"Choose how to make this call"</string>
+    <string name="alert_redirect_outgoing_call_or_not" msgid="665409645789521636">"Choose how to place this call"</string>
     <string name="alert_place_outgoing_call_with_redirection" msgid="5221065030959024121">"Redirect call using <xliff:g id="OTHER_APP">%1$s</xliff:g>"</string>
     <string name="alert_place_unredirect_outgoing_call" msgid="2467608535225764006">"Call using my phone number"</string>
     <string name="alert_redirect_outgoing_call_timeout" msgid="5568101425637373060">"Call can\'t be placed by <xliff:g id="OTHER_APP">%1$s</xliff:g>. Try using a different call redirecting app or contacting the developer for help."</string>
@@ -109,8 +109,8 @@
     <string name="phone_settings_number_not_in_contact_txt" msgid="2602249106007265757">"Numbers not in Contacts"</string>
     <string name="phone_settings_number_not_in_contact_summary_txt" msgid="963327038085718969">"Block numbers that are not listed in your Contacts"</string>
     <string name="phone_settings_private_num_txt" msgid="6339272760338475619">"Private"</string>
-    <string name="phone_settings_private_num_summary_txt" msgid="6755758240544021037">"Block callers who do not disclose their number"</string>
-    <string name="phone_settings_payphone_txt" msgid="5003987966052543965">"Phonebox"</string>
+    <string name="phone_settings_private_num_summary_txt" msgid="6755758240544021037">"Block callers that do not disclose their number"</string>
+    <string name="phone_settings_payphone_txt" msgid="5003987966052543965">"Pay phone"</string>
     <string name="phone_settings_payphone_summary_txt" msgid="3936631076065563665">"Block calls from pay phones"</string>
     <string name="phone_settings_unknown_txt" msgid="3577926178354772728">"Unknown"</string>
     <string name="phone_settings_unknown_summary_txt" msgid="5446657192535779645">"Block calls from unidentified callers"</string>
diff --git a/res/values-es-rUS/strings.xml b/res/values-es-rUS/strings.xml
index ac0b22c65..d2a1f4c95 100644
--- a/res/values-es-rUS/strings.xml
+++ b/res/values-es-rUS/strings.xml
@@ -34,7 +34,7 @@
     <string name="notification_incallservice_not_responding_title" msgid="5347557574288598548">"<xliff:g id="IN_CALL_SERVICE_APP_NAME">%s</xliff:g> dejó de responder"</string>
     <string name="notification_incallservice_not_responding_body" msgid="9209308270131968623">"Tu llamada se hizo con la app de teléfono que venía en tu dispositivo"</string>
     <string name="accessibility_call_muted" msgid="2968461092554300779">"Llamada silenciada"</string>
-    <string name="accessibility_speakerphone_enabled" msgid="555386652061614267">"Altavoz habilitado"</string>
+    <string name="accessibility_speakerphone_enabled" msgid="555386652061614267">"Bocina habilitada"</string>
     <string name="respond_via_sms_canned_response_1" msgid="6332561460870382561">"No puedo hablar ahora. ¿Todo bien?"</string>
     <string name="respond_via_sms_canned_response_2" msgid="2052951316129952406">"Te llamo enseguida."</string>
     <string name="respond_via_sms_canned_response_3" msgid="6656147963478092035">"Te llamo más tarde."</string>
-- 
cgit v1.2.3


From 799347b6f65da163673b4f8358783f3087ff08a2 Mon Sep 17 00:00:00 2001
From: Grace Jia <xiaotonj@google.com>
Date: Thu, 25 Aug 2022 14:47:19 -0700
Subject: Fix security vulnerability issue for multi user call redirections.

Currently we won't check if the PhoneAccountHandle provided by a
CallRedirectionService has multi-user capability or belong to the same
user as the current user. Add the check and disconnect the call if this
is an unexpected cross-user call redirection.

Bug: 235098883
Test: CallsManagerTest, manual test with test app provided in
b/235098883.

Change-Id: Ia8b9468aa2bb8e3157c227e2617ff6a52e0af119
Merged-In: Ia8b9468aa2bb8e3157c227e2617ff6a52e0af119
(cherry picked from commit f29ab7e1ec0e480e2d39d289d5aa3fc95aed2142)
(cherry picked from commit 735b84a90e5305915836329d4abca672fcc87126)
---
 src/com/android/server/telecom/CallsManager.java   | 19 ++++++++++++----
 .../server/telecom/tests/CallsManagerTest.java     | 25 +++++++++++++++++++---
 2 files changed, 37 insertions(+), 7 deletions(-)

diff --git a/src/com/android/server/telecom/CallsManager.java b/src/com/android/server/telecom/CallsManager.java
index 4d829bb86..73cdd5b10 100755
--- a/src/com/android/server/telecom/CallsManager.java
+++ b/src/com/android/server/telecom/CallsManager.java
@@ -2091,6 +2091,16 @@ public class CallsManager extends Call.ListenerBase
         boolean endEarly = false;
         String disconnectReason = "";
         String callRedirectionApp = mRoleManagerAdapter.getDefaultCallRedirectionApp();
+        PhoneAccount phoneAccount = mPhoneAccountRegistrar
+                .getPhoneAccountUnchecked(phoneAccountHandle);
+        if (phoneAccount != null
+                && !phoneAccount.hasCapabilities(PhoneAccount.CAPABILITY_MULTI_USER)) {
+            // Check if the phoneAccountHandle belongs to the current user
+            if (phoneAccountHandle != null &&
+                    !phoneAccountHandle.getUserHandle().equals(call.getInitiatingUser())) {
+                phoneAccountHandle = null;
+            }
+        }
 
         boolean isPotentialEmergencyNumber;
         try {
@@ -2125,9 +2135,9 @@ public class CallsManager extends Call.ListenerBase
             endEarly = true;
             disconnectReason = "Null handle from Call Redirection Service";
         } else if (phoneAccountHandle == null) {
-            Log.w(this, "onCallRedirectionComplete: phoneAccountHandle is null");
+            Log.w(this, "onCallRedirectionComplete: phoneAccountHandle is unavailable");
             endEarly = true;
-            disconnectReason = "Null phoneAccountHandle from Call Redirection Service";
+            disconnectReason = "Unavailable phoneAccountHandle from Call Redirection Service";
         } else if (isPotentialEmergencyNumber) {
             Log.w(this, "onCallRedirectionComplete: emergency number %s is redirected from Call"
                     + " Redirection Service", handle.getSchemeSpecificPart());
@@ -2148,6 +2158,7 @@ public class CallsManager extends Call.ListenerBase
             return;
         }
 
+        final PhoneAccountHandle finalPhoneAccountHandle = phoneAccountHandle;
         if (uiAction.equals(CallRedirectionProcessor.UI_TYPE_USER_DEFINED_ASK_FOR_CONFIRM)) {
             Log.addEvent(call, LogUtils.Events.REDIRECTION_USER_CONFIRMATION);
             mPendingRedirectedOutgoingCall = call;
@@ -2157,7 +2168,7 @@ public class CallsManager extends Call.ListenerBase
                         @Override
                         public void loggedRun() {
                             Log.addEvent(call, LogUtils.Events.REDIRECTION_USER_CONFIRMED);
-                            call.setTargetPhoneAccount(phoneAccountHandle);
+                            call.setTargetPhoneAccount(finalPhoneAccountHandle);
                             placeOutgoingCall(call, handle, gatewayInfo, speakerphoneOn,
                                     videoState);
                         }
@@ -2167,7 +2178,7 @@ public class CallsManager extends Call.ListenerBase
                     new Runnable("CM.oCRC", mLock) {
                         @Override
                         public void loggedRun() {
-                            call.setTargetPhoneAccount(phoneAccountHandle);
+                            call.setTargetPhoneAccount(finalPhoneAccountHandle);
                             placeOutgoingCall(call, handle, null, speakerphoneOn,
                                     videoState);
                         }
diff --git a/tests/src/com/android/server/telecom/tests/CallsManagerTest.java b/tests/src/com/android/server/telecom/tests/CallsManagerTest.java
index 6fd8334b6..e7d0a2641 100644
--- a/tests/src/com/android/server/telecom/tests/CallsManagerTest.java
+++ b/tests/src/com/android/server/telecom/tests/CallsManagerTest.java
@@ -37,7 +37,6 @@ import static org.mockito.Mockito.doReturn;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.reset;
-import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.timeout;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
@@ -57,7 +56,7 @@ import android.os.UserHandle;
 import android.telecom.CallerInfo;
 import android.telecom.Connection;
 import android.telecom.DisconnectCause;
-import android.telecom.Log;
+import android.telecom.GatewayInfo;
 import android.telecom.PhoneAccount;
 import android.telecom.PhoneAccountHandle;
 import android.telecom.TelecomManager;
@@ -77,7 +76,6 @@ import com.android.server.telecom.CallDiagnosticServiceController;
 import com.android.server.telecom.CallState;
 import com.android.server.telecom.CallerInfoLookupHelper;
 import com.android.server.telecom.CallsManager;
-import com.android.server.telecom.CallsManagerListenerBase;
 import com.android.server.telecom.ClockProxy;
 import com.android.server.telecom.ConnectionServiceFocusManager;
 import com.android.server.telecom.ConnectionServiceFocusManager.ConnectionServiceFocusManagerFactory;
@@ -133,8 +131,12 @@ import java.util.concurrent.TimeUnit;
 @RunWith(JUnit4.class)
 public class CallsManagerTest extends TelecomTestCase {
     private static final int TEST_TIMEOUT = 5000;  // milliseconds
+    private static final int SECONDARY_USER_ID = 12;
     private static final PhoneAccountHandle SIM_1_HANDLE = new PhoneAccountHandle(
             ComponentName.unflattenFromString("com.foo/.Blah"), "Sim1");
+    private static final PhoneAccountHandle SIM_1_HANDLE_SECONDARY = new PhoneAccountHandle(
+            ComponentName.unflattenFromString("com.foo/.Blah"), "Sim1",
+            new UserHandle(SECONDARY_USER_ID));
     private static final PhoneAccountHandle SIM_2_HANDLE = new PhoneAccountHandle(
             ComponentName.unflattenFromString("com.foo/.Blah"), "Sim2");
     private static final PhoneAccountHandle CONNECTION_MGR_1_HANDLE = new PhoneAccountHandle(
@@ -1676,6 +1678,23 @@ public class CallsManagerTest extends TelecomTestCase {
                 new UserHandle(90210)));
     }
 
+    @SmallTest
+    @Test
+    public void testCrossUserCallRedirectionEndEarlyForIncapablePhoneAccount() {
+        when(mPhoneAccountRegistrar.getPhoneAccountUnchecked(eq(SIM_1_HANDLE_SECONDARY)))
+                .thenReturn(SIM_1_ACCOUNT);
+        mCallsManager.onUserSwitch(UserHandle.SYSTEM);
+
+        Call callSpy = addSpyCall(CallState.NEW);
+        mCallsManager.onCallRedirectionComplete(callSpy, TEST_ADDRESS, SIM_1_HANDLE_SECONDARY,
+                new GatewayInfo("foo", TEST_ADDRESS2, TEST_ADDRESS), true /* speakerphoneOn */,
+                VideoProfile.STATE_AUDIO_ONLY, false /* shouldCancelCall */, "" /* uiAction */);
+
+        ArgumentCaptor<String> argumentCaptor = ArgumentCaptor.forClass(String.class);
+        verify(callSpy).disconnect(argumentCaptor.capture());
+        assertTrue(argumentCaptor.getValue().contains("Unavailable phoneAccountHandle"));
+    }
+
     private Call addSpyCall() {
         return addSpyCall(SIM_2_HANDLE, CallState.ACTIVE);
     }
-- 
cgit v1.2.3