Fix security vulnerability of TelecomManager#getPhoneAccountsForPackageandroid-security-10.0.0_r59 android-security-10.0.0_r58 android-security-10.0.0_r57 android-security-10.0.0_r56 android-security-10.0.0_r55 android-security-10.0.0_r54 android-security-10.0.0_r53 android-security-10.0.0_r52 android-security-10.0.0_r51 android-security-10.0.0_r50 android-security-10.0.0_r49 android-security-10.0.0_r48 android10-security-release

Check calling package and READ_PRIVILEGED_PHONE_STATE to avoid potential PII expotion. Bug: 153995334 Test: atest TelecomUnitTests:TelecomServiceImpl Change-Id: Ie834633dc4031d19af90e922ef0f111c3c8d7cb2 (cherry picked from commit 9d8d0cf3dcf741afe7ed50e60da513a47b0e8d59) (cherry picked from commit f3f2d7c2dcb558081f02e282078c0c42c5c3e1b1)
author: Grace Jia <xiaotonj@google.com> 2020-06-18 14:12:56 -0700
committer: Anis Assi <anisassi@google.com> 2020-09-10 13:51:40 -0700
commit: dde546798b26c88459d59ecc488f5000a7b63aa1 (patch)
tree: 71c785dd2b10a6419cef15bed6705d932887d3e9
parent: 631f5a31066c9716d52324467271c9a7ee1e726f (diff)
download: platform_packages_services_Telecomm-android10-security-release.tar.gz
platform_packages_services_Telecomm-android10-security-release.tar.bz2
platform_packages_services_Telecomm-android10-security-release.zip
1 files changed, 17 insertions, 0 deletions
diff --git a/src/com/android/server/telecom/TelecomServiceImpl.java b/src/com/android/server/telecom/TelecomServiceImpl.java
index 8bf42a8ce..997723bf9 100644
--- a/src/com/android/server/telecom/TelecomServiceImpl.java
+++ b/src/com/android/server/telecom/TelecomServiceImpl.java
@@ -262,6 +262,23 @@ public class TelecomServiceImpl {
 
         @Override
         public List<PhoneAccountHandle> getPhoneAccountsForPackage(String packageName) {
+            //TODO: Deprecate this in S
+            try {
+                enforceCallingPackage(packageName);
+            } catch (SecurityException se1) {
+                EventLog.writeEvent(0x534e4554, "153995334", Binder.getCallingUid(),
+                        "getPhoneAccountsForPackage: invalid calling package");
+                throw se1;
+            }
+
+            try {
+                enforcePermission(READ_PRIVILEGED_PHONE_STATE);
+            } catch (SecurityException se2) {
+                EventLog.writeEvent(0x534e4554, "153995334", Binder.getCallingUid(),
+                        "getPhoneAccountsForPackage: no permission");
+                throw se2;
+            }
+
             synchronized (mLock) {
                 final UserHandle callingUserHandle = Binder.getCallingUserHandle();
                 long token = Binder.clearCallingIdentity();
author	Grace Jia <xiaotonj@google.com>	2020-06-18 14:12:56 -0700
committer	Anis Assi <anisassi@google.com>	2020-09-10 13:51:40 -0700
commit	dde546798b26c88459d59ecc488f5000a7b63aa1 (patch)
tree	71c785dd2b10a6419cef15bed6705d932887d3e9
parent	631f5a31066c9716d52324467271c9a7ee1e726f (diff)
download	platform_packages_services_Telecomm-android10-security-release.tar.gz platform_packages_services_Telecomm-android10-security-release.tar.bz2 platform_packages_services_Telecomm-android10-security-release.zip