Change security model for TelecomManager#handleCallIntent method.

Method is used to trampoline call intents to Telecom. Previously the calling UID was compared to grant access; this assumption was incorrect as it wouldn't work for work profiles. Changed to use a telecom-only permission. Test: Ran Telecom CTS tests and impacted CTS tests. Test: Manually placed calls using ACTION_CALL intent. Bug: 117898288 Change-Id: If7097595e901a418ee90f0a1f1b82dc475838425
2018-10-26 09:24:13 -07:00 · 2018-10-26 09:24:13 -07:00 · efe269962c
parent 92f4c353f4
commit efe269962c
2 changed files with 10 additions and 4 deletions
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@ -34,6 +34,7 @@
    <uses-permission android:name="android.permission.BROADCAST_CALLLOG_INFO" />
    <uses-permission android:name="android.permission.BROADCAST_PHONE_ACCOUNT_REGISTRATION" />
    <uses-permission android:name="android.permission.CALL_PRIVILEGED" />
+    <uses-permission android:name="android.permission.HANDLE_CALL_INTENT" />
    <uses-permission android:name="android.permission.INTERACT_ACROSS_USERS" />
    <uses-permission android:name="android.permission.INTERACT_ACROSS_USERS_FULL" />
    <uses-permission android:name="android.permission.MANAGE_USERS" />
@ -71,6 +72,11 @@
            android:label="Process phone account registration"
            android:protectionLevel="signature|system"/>

+    <permission
+            android:name="android.permission.HANDLE_CALL_INTENT"
+            android:label="Protects handling the call intent via the TelecomManager API."
+            android:protectionLevel="signature|system"/>
+
    <application android:label="@string/telecommAppLabel"
            android:icon="@mipmap/ic_launcher_phone"
            android:allowBackup="false"
--- a/src/com/android/server/telecom/TelecomServiceImpl.java
+++ b/src/com/android/server/telecom/TelecomServiceImpl.java
@ -79,6 +79,8 @@ public class TelecomServiceImpl {

    private static final String TIME_LINE_ARG = "timeline";
    private static final int DEFAULT_VIDEO_STATE = -1;
+    private static final String PERMISSION_HANDLE_CALL_INTENT =
+            "android.permission.HANDLE_CALL_INTENT";

    private final ITelecomService.Stub mBinderImpl = new ITelecomService.Stub() {
        @Override
@ -1481,12 +1483,10 @@ public class TelecomServiceImpl {
            try {
                Log.startSession("TSI.hCI");
                synchronized (mLock) {
-                    int callingUid = Binder.getCallingUid();
+                    mContext.enforceCallingOrSelfPermission(PERMISSION_HANDLE_CALL_INTENT,
+                            "handleCallIntent is for internal use only.");

                    long token = Binder.clearCallingIdentity();
-                    if (callingUid != Process.myUid()) {
-                        throw new SecurityException("handleCallIntent is for Telecom only");
-                    }
                    try {
                        Log.i(this, "handleCallIntent: handling call intent");
                        mCallIntentProcessorAdapter.processOutgoingCallIntent(mContext,