From 0b118b2b74e20b95dbca6a469c0fea372aa0a103 Mon Sep 17 00:00:00 2001 From: Tyler Gunn Date: Wed, 14 Feb 2018 14:19:42 -0800 Subject: Enhanced permission checks for TelephonyManager#endCall() API. The existing permission checks require CALL permission in order to end an ongoing call or reject an incoming call. The Telecom equivalent of this API requires MODIFY_PHONE_STATE. Since this API IS in fact a system API, modifying the permission requirements to require the same MODIFY_PHONE_STATE permission. Test: Manual testing per bug reproduction steps. Bug: 67862398 Change-Id: I8f15f6afd00466f6b861079a83e9fa03b962f63f (cherry picked from commit 6707357c6e198287046e76c1d6fc5edf1fcb3fee) (cherry picked from commit ee1901e859ed4624723d18497b70c59b0b658747) --- src/com/android/phone/PhoneInterfaceManager.java | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/com/android/phone/PhoneInterfaceManager.java b/src/com/android/phone/PhoneInterfaceManager.java index eafcb38e4..0e1ae1aec 100644 --- a/src/com/android/phone/PhoneInterfaceManager.java +++ b/src/com/android/phone/PhoneInterfaceManager.java @@ -52,6 +52,7 @@ import android.telephony.ModemActivityInfo; import android.text.TextUtils; import android.util.ArrayMap; import android.util.ArraySet; +import android.util.EventLog; import android.util.Log; import android.util.Pair; import android.util.Slog; @@ -1039,7 +1040,12 @@ public class PhoneInterfaceManager extends ITelephony.Stub { * @return true is a call was ended */ public boolean endCallForSubscriber(int subId) { - enforceCallPermission(); + if (mApp.checkCallingOrSelfPermission(android.Manifest.permission.MODIFY_PHONE_STATE) + != PackageManager.PERMISSION_GRANTED) { + Log.i(LOG_TAG, "endCall: called without modify phone state."); + EventLog.writeEvent(0x534e4554, "67862398", -1, ""); + throw new SecurityException("MODIFY_PHONE_STATE permission required."); + } return (Boolean) sendRequest(CMD_END_CALL, null, new Integer(subId)); } -- cgit v1.2.3