diff options
author | Tyler Gunn <tgunn@google.com> | 2017-07-17 15:34:02 -0700 |
---|---|---|
committer | Tyler Gunn <tgunn@google.com> | 2017-08-14 15:50:53 +0000 |
commit | 322480cc93be946c4a26b1ea9e3883aa5b928659 (patch) | |
tree | a7b63b4302050ea4dfd04650b6f1d117c53fe4a8 | |
parent | 15b4cf3a126b0bf127109d906d3fac7628976624 (diff) | |
download | android_packages_services_Telecomm-322480cc93be946c4a26b1ea9e3883aa5b928659.tar.gz android_packages_services_Telecomm-322480cc93be946c4a26b1ea9e3883aa5b928659.tar.bz2 android_packages_services_Telecomm-322480cc93be946c4a26b1ea9e3883aa5b928659.zip |
Enforce MODIFY_PHONE_STATE for TelecomManager system APIs.
Enforcing system-only permissions for TelecomManager APIs (see the bug
for rationale as to why some methods do not have the permission
enforced).
Test: Manual / GTS
Change-Id: I3f76602820c772b763f453a216d041454e3b94e6
Fixes: 62347125
-rw-r--r-- | src/com/android/server/telecom/TelecomServiceImpl.java | 132 |
1 files changed, 100 insertions, 32 deletions
diff --git a/src/com/android/server/telecom/TelecomServiceImpl.java b/src/com/android/server/telecom/TelecomServiceImpl.java index 3a09aa86..cd9b2dfe 100644 --- a/src/com/android/server/telecom/TelecomServiceImpl.java +++ b/src/com/android/server/telecom/TelecomServiceImpl.java @@ -204,10 +204,16 @@ public class TelecomServiceImpl { String callingPackage) { try { Log.startSession("TSI.gPASS"); + try { + enforceModifyPermission( + "getPhoneAccountsSupportingScheme requires MODIFY_PHONE_STATE"); + } catch (SecurityException e) { + EventLog.writeEvent(0x534e4554, "62347125", Binder.getCallingUid(), + "getPhoneAccountsSupportingScheme: " + callingPackage); + return Collections.emptyList(); + } + synchronized (mLock) { - if (!canReadPhoneState(callingPackage, "getPhoneAccountsSupportingScheme")) { - return Collections.emptyList(); - } final UserHandle callingUserHandle = Binder.getCallingUserHandle(); long token = Binder.clearCallingIdentity(); try { @@ -270,33 +276,57 @@ public class TelecomServiceImpl { @Override public int getAllPhoneAccountsCount() { - synchronized (mLock) { + try { + Log.startSession("TSI.gAPAC"); try { - Log.startSession("TSI.gAPAC"); - // This list is pre-filtered for the calling user. - return getAllPhoneAccounts().size(); - } catch (Exception e) { - Log.e(this, e, "getAllPhoneAccountsCount"); + enforceModifyPermission( + "getAllPhoneAccountsCount requires MODIFY_PHONE_STATE permission."); + } catch (SecurityException e) { + EventLog.writeEvent(0x534e4554, "62347125", Binder.getCallingUid(), + "getAllPhoneAccountsCount"); throw e; - } finally { - Log.endSession(); } + + synchronized (mLock) { + try { + // This list is pre-filtered for the calling user. + return getAllPhoneAccounts().size(); + } catch (Exception e) { + Log.e(this, e, "getAllPhoneAccountsCount"); + throw e; + + } + } + } finally { + Log.endSession(); } } @Override public List<PhoneAccount> getAllPhoneAccounts() { synchronized (mLock) { - final UserHandle callingUserHandle = Binder.getCallingUserHandle(); - long token = Binder.clearCallingIdentity(); try { Log.startSession("TSI.gAPA"); - return mPhoneAccountRegistrar.getAllPhoneAccounts(callingUserHandle); - } catch (Exception e) { - Log.e(this, e, "getAllPhoneAccounts"); - throw e; + try { + enforceModifyPermission( + "getAllPhoneAccounts requires MODIFY_PHONE_STATE permission."); + } catch (SecurityException e) { + EventLog.writeEvent(0x534e4554, "62347125", Binder.getCallingUid(), + "getAllPhoneAccounts"); + throw e; + } + + final UserHandle callingUserHandle = Binder.getCallingUserHandle(); + long token = Binder.clearCallingIdentity(); + try { + return mPhoneAccountRegistrar.getAllPhoneAccounts(callingUserHandle); + } catch (Exception e) { + Log.e(this, e, "getAllPhoneAccounts"); + throw e; + } finally { + Binder.restoreCallingIdentity(token); + } } finally { - Binder.restoreCallingIdentity(token); Log.endSession(); } } @@ -304,19 +334,31 @@ public class TelecomServiceImpl { @Override public List<PhoneAccountHandle> getAllPhoneAccountHandles() { - synchronized (mLock) { - final UserHandle callingUserHandle = Binder.getCallingUserHandle(); - long token = Binder.clearCallingIdentity(); + try { + Log.startSession("TSI.gAPAH"); try { - Log.startSession("TSI.gAPAH"); - return mPhoneAccountRegistrar.getAllPhoneAccountHandles(callingUserHandle); - } catch (Exception e) { - Log.e(this, e, "getAllPhoneAccounts"); + enforceModifyPermission( + "getAllPhoneAccountHandles requires MODIFY_PHONE_STATE permission."); + } catch (SecurityException e) { + EventLog.writeEvent(0x534e4554, "62347125", Binder.getCallingUid(), + "getAllPhoneAccountHandles"); throw e; - } finally { - Binder.restoreCallingIdentity(token); - Log.endSession(); } + + synchronized (mLock) { + final UserHandle callingUserHandle = Binder.getCallingUserHandle(); + long token = Binder.clearCallingIdentity(); + try { + return mPhoneAccountRegistrar.getAllPhoneAccountHandles(callingUserHandle); + } catch (Exception e) { + Log.e(this, e, "getAllPhoneAccounts"); + throw e; + } finally { + Binder.restoreCallingIdentity(token); + } + } + } finally { + Log.endSession(); } } @@ -682,8 +724,14 @@ public class TelecomServiceImpl { public boolean isRinging(String callingPackage) { try { Log.startSession("TSI.iR"); - if (!canReadPhoneState(callingPackage, "isRinging")) { - return false; + if (!isPrivilegedDialerCalling(callingPackage)) { + try { + enforceModifyPermission( + "isRinging requires MODIFY_PHONE_STATE permission."); + } catch (SecurityException e) { + EventLog.writeEvent(0x534e4554, "62347125", "isRinging: " + callingPackage); + throw e; + } } synchronized (mLock) { @@ -932,8 +980,15 @@ public class TelecomServiceImpl { public boolean isTtySupported(String callingPackage) { try { Log.startSession("TSI.iTS"); - if (!canReadPhoneState(callingPackage, "hasVoiceMailNumber")) { - return false; + if (!isPrivilegedDialerCalling(callingPackage)) { + try { + enforceModifyPermission( + "isTtySupported requires MODIFY_PHONE_STATE permission."); + } catch (SecurityException e) { + EventLog.writeEvent(0x534e4554, "62347125", "isTtySupported: " + + callingPackage); + throw e; + } } synchronized (mLock) { @@ -1033,6 +1088,15 @@ public class TelecomServiceImpl { public void addNewUnknownCall(PhoneAccountHandle phoneAccountHandle, Bundle extras) { try { Log.startSession("TSI.aNUC"); + try { + enforceModifyPermission( + "addNewUnknownCall requires MODIFY_PHONE_STATE permission."); + } catch (SecurityException e) { + EventLog.writeEvent(0x534e4554, "62347125", Binder.getCallingUid(), + "addNewUnknownCall"); + throw e; + } + synchronized (mLock) { if (phoneAccountHandle != null && phoneAccountHandle.getComponentName() != null) { @@ -1516,6 +1580,10 @@ public class TelecomServiceImpl { enforcePermission(MODIFY_PHONE_STATE); } + private void enforceModifyPermission(String message) { + mContext.enforceCallingOrSelfPermission(MODIFY_PHONE_STATE, message); + } + private void enforcePermission(String permission) { mContext.enforceCallingOrSelfPermission(permission, null); } |