Add BIND_TELECOM_CONNECTION_SERVICE permission Bug: 21088342 Change-Id: I465307899d83c4a3ee5e88a28554c4b867c1f4ba

commit: 7bb8ce9b4e7ffa5e603d8bd8780f55a1c2ced071 [log] [tgz]
author: Yorke Lee <yorkelee@google.com> Wed May 13 16:28:29 2015 -0700
committer: Yorke Lee <yorkelee@google.com> Wed May 13 16:34:13 2015 -0700
tree: f622df7b76572959cdca941035f1e6806c19bcab
parent: ed0c0cc35ef0457910c0e93d10f10f8444c4fad2 [diff]
diff --git a/src/com/android/server/telecom/CreateConnectionProcessor.java b/src/com/android/server/telecom/CreateConnectionProcessor.java
index c90f9de..a804fe1 100644
--- a/src/com/android/server/telecom/CreateConnectionProcessor.java
+++ b/src/com/android/server/telecom/CreateConnectionProcessor.java

@@ -171,20 +171,20 @@
             if (!mPhoneAccountRegistrar.phoneAccountRequiresBindPermission(
                     attempt.connectionManagerPhoneAccount)) {
                 Log.w(this,
-                        "Connection mgr does not have BIND_CONNECTION_SERVICE for attempt: %s",
-                        attempt);
+                        "Connection mgr does not have BIND_TELECOM_CONNECTION_SERVICE for "
+                                + "attempt: %s", attempt);
                 attemptNextPhoneAccount();
                 return;
             }
 
             // If the target PhoneAccount differs from the ConnectionManager phone acount, ensure it
-            // also requires the BIND_CONNECTION_SERVICE permission.
+            // also requires the BIND_TELECOM_CONNECTION_SERVICE permission.
             if (!attempt.connectionManagerPhoneAccount.equals(attempt.targetPhoneAccount) &&
                     !mPhoneAccountRegistrar.phoneAccountRequiresBindPermission(
                             attempt.targetPhoneAccount)) {
                 Log.w(this,
-                        "Target PhoneAccount does not have BIND_CONNECTION_SERVICE for attempt: %s",
-                        attempt);
+                        "Target PhoneAccount does not have BIND_TELECOM_CONNECTION_SERVICE for "
+                                + "attempt: %s", attempt);
                 attemptNextPhoneAccount();
                 return;
             }

diff --git a/src/com/android/server/telecom/PhoneAccountRegistrar.java b/src/com/android/server/telecom/PhoneAccountRegistrar.java
index dd1fd6e..013e048 100644
--- a/src/com/android/server/telecom/PhoneAccountRegistrar.java
+++ b/src/com/android/server/telecom/PhoneAccountRegistrar.java

@@ -469,10 +469,11 @@
         // Enforce the requirement that a connection service for a phone account has the correct
         // permission.
         if (!phoneAccountRequiresBindPermission(account.getAccountHandle())) {
-            Log.w(this, "Phone account %s does not have BIND_CONNECTION_SERVICE permission.",
+            Log.w(this,
+                    "Phone account %s does not have BIND_TELECOM_CONNECTION_SERVICE permission.",
                     account.getAccountHandle());
-            throw new SecurityException(
-                    "PhoneAccount connection service requires BIND_CONNECTION_SERVICE permission.");
+            throw new SecurityException("PhoneAccount connection service requires "
+                    + "BIND_TELECOM_CONNECTION_SERVICE permission.");
         }
 
         addOrReplacePhoneAccount(account);
@@ -568,7 +569,7 @@
 
     /**
      * Determines if the connection service specified by a {@link PhoneAccountHandle} requires the
-     * {@link Manifest.permission#BIND_CONNECTION_SERVICE} permission.
+     * {@link Manifest.permission#BIND_TELECOM_CONNECTION_SERVICE} permission.
      *
      * @param phoneAccountHandle The phone account to check.
      * @return {@code True} if the phone account has permission.
@@ -581,8 +582,16 @@
         }
         for (ResolveInfo resolveInfo : resolveInfos) {
             ServiceInfo serviceInfo = resolveInfo.serviceInfo;
-            if (serviceInfo == null ||
-                    !Manifest.permission.BIND_CONNECTION_SERVICE.equals(serviceInfo.permission)) {
+            if (serviceInfo == null) {
+                return false;
+            }
+
+            if (!Manifest.permission.BIND_CONNECTION_SERVICE.equals(serviceInfo.permission) &&
+                    !Manifest.permission.BIND_TELECOM_CONNECTION_SERVICE.equals(
+                            serviceInfo.permission)) {
+                // The ConnectionService must require either the deprecated BIND_CONNECTION_SERVICE,
+                // or the public BIND_TELECOM_CONNECTION_SERVICE permissions, both of which are
+                // system/signature only.
                 return false;
             }
         }

diff --git a/testapps/AndroidManifest.xml b/testapps/AndroidManifest.xml
index bbe0243..8b9827f 100644
--- a/testapps/AndroidManifest.xml
+++ b/testapps/AndroidManifest.xml

@@ -34,14 +34,14 @@
         <!-- Miscellaneous telecom app-related test activities. -->
 
         <service android:name="com.android.server.telecom.testapps.TestConnectionService"
-                 android:permission="android.permission.BIND_CONNECTION_SERVICE" >
+                 android:permission="android.permission.BIND_TELECOM_CONNECTION_SERVICE" >
             <intent-filter>
                 <action android:name="android.telecom.ConnectionService" />
             </intent-filter>
         </service>
 
         <service android:name="com.android.server.telecom.testapps.TestConnectionManager"
-                 android:permission="android.permission.BIND_CONNECTION_SERVICE" >
+                 android:permission="android.permission.BIND_TELECOM_CONNECTION_SERVICE" >
             <intent-filter>
                 <action android:name="android.telecom.ConnectionService" />
             </intent-filter>
commit	7bb8ce9b4e7ffa5e603d8bd8780f55a1c2ced071	[log] [tgz]
author	Yorke Lee <yorkelee@google.com>	Wed May 13 16:28:29 2015 -0700
committer	Yorke Lee <yorkelee@google.com>	Wed May 13 16:34:13 2015 -0700
tree	f622df7b76572959cdca941035f1e6806c19bcab
parent	ed0c0cc35ef0457910c0e93d10f10f8444c4fad2 [diff]