Google Git
Sign in
android / platform / packages / services / Telecomm / 43f7ac5ce5fe0da0c750ba3abc9fc4e0e664cf17
commit43f7ac5ce5fe0da0c750ba3abc9fc4e0e664cf17[log] [tgz]
authorGrace Jia <xiaotonj@google.com>Thu Aug 25 14:47:19 2022 -0700
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>Wed Dec 14 02:26:40 2022 +0000
treeaf677a52f371a002579e87033c7d215891dc818d
parent9296e6acf06504f077a197d9d900e428e73c1f94 [diff]
Fix security vulnerability issue for multi user call redirections.

Currently we won't check if the PhoneAccountHandle provided by a
CallRedirectionService has multi-user capability or belong to the same
user as the current user. Add the check and disconnect the call if this
is an unexpected cross-user call redirection.

Bug: 235098883
Test: CallsManagerTest, manual test with test app provided in
b/235098883.

Change-Id: Ia8b9468aa2bb8e3157c227e2617ff6a52e0af119
Merged-In: Ia8b9468aa2bb8e3157c227e2617ff6a52e0af119
(cherry picked from commit f29ab7e1ec0e480e2d39d289d5aa3fc95aed2142)
(cherry picked from commit 735b84a90e5305915836329d4abca672fcc87126)
(cherry picked from commit 799347b6f65da163673b4f8358783f3087ff08a2)
Merged-In: Ia8b9468aa2bb8e3157c227e2617ff6a52e0af119
2 files changed
tree: af677a52f371a002579e87033c7d215891dc818d
  1. libs/
  2. proto/
  3. res/
  4. scripts/
  5. src/
  6. testapps/
  7. tests/
  8. .classpath
  9. .gitignore
  10. .project
  11. Android.bp
  12. AndroidManifest.xml
  13. CleanSpec.mk
  14. OWNERS
  15. PREUPLOAD.cfg
  16. proguard.flags
  17. TEST_MAPPING