Fix security vulnerability of TelecomManager#getPhoneAccountsForPackage
Check calling package and READ_PRIVILEGED_PHONE_STATE to avoid potential
PII expotion.
Bug: 153995334
Test: atest TelecomUnitTests:TelecomServiceImpl
Change-Id: Ie834633dc4031d19af90e922ef0f111c3c8d7cb2
(cherry picked from commit 9d8d0cf3dcf741afe7ed50e60da513a47b0e8d59)
(cherry picked from commit f3f2d7c2dcb558081f02e282078c0c42c5c3e1b1)
diff --git a/src/com/android/server/telecom/TelecomServiceImpl.java b/src/com/android/server/telecom/TelecomServiceImpl.java
index 8bf42a8..997723b 100644
--- a/src/com/android/server/telecom/TelecomServiceImpl.java
+++ b/src/com/android/server/telecom/TelecomServiceImpl.java
@@ -262,6 +262,23 @@
@Override
public List<PhoneAccountHandle> getPhoneAccountsForPackage(String packageName) {
+ //TODO: Deprecate this in S
+ try {
+ enforceCallingPackage(packageName);
+ } catch (SecurityException se1) {
+ EventLog.writeEvent(0x534e4554, "153995334", Binder.getCallingUid(),
+ "getPhoneAccountsForPackage: invalid calling package");
+ throw se1;
+ }
+
+ try {
+ enforcePermission(READ_PRIVILEGED_PHONE_STATE);
+ } catch (SecurityException se2) {
+ EventLog.writeEvent(0x534e4554, "153995334", Binder.getCallingUid(),
+ "getPhoneAccountsForPackage: no permission");
+ throw se2;
+ }
+
synchronized (mLock) {
final UserHandle callingUserHandle = Binder.getCallingUserHandle();
long token = Binder.clearCallingIdentity();
