Add permission to CONNECTION_MANAGER PhoneAccount registration.
We need to add a system-level permission for registering PhoneAccounts
to prevent third party apps from registering and being able to
control the call.
Bug: 18100571
Change-Id: I06de9311620b271904babc78f23faff90a15e1a9
diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 5d11fb3..427b248 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -46,6 +46,11 @@
android:protectionLevel="signature"/>
<permission
+ android:name="com.android.server.telecom.permission.REGISTER_CONNECTION_MANAGER"
+ android:label="Register CONNECTION_MANAGER PhoneAccount"
+ android:protectionLevel="signature"/>
+
+ <permission
android:name="android.permission.BROADCAST_CALLLOG_INFO"
android:label="Broadcast the call type/duration information"
android:protectionLevel="signature|system"/>
diff --git a/src/com/android/server/telecom/TelecomServiceImpl.java b/src/com/android/server/telecom/TelecomServiceImpl.java
index fbbe1c9..aaa3d16 100644
--- a/src/com/android/server/telecom/TelecomServiceImpl.java
+++ b/src/com/android/server/telecom/TelecomServiceImpl.java
@@ -52,6 +52,8 @@
public class TelecomServiceImpl extends ITelecomService.Stub {
private static final String REGISTER_PROVIDER_OR_SUBSCRIPTION =
"com.android.server.telecom.permission.REGISTER_PROVIDER_OR_SUBSCRIPTION";
+ private static final String REGISTER_CONNECTION_MANAGER =
+ "com.android.server.telecom.permission.REGISTER_CONNECTION_MANAGER";
/** The context. */
private Context mContext;
@@ -295,6 +297,9 @@
account.hasCapabilities(PhoneAccount.CAPABILITY_SIM_SUBSCRIPTION)) {
enforceRegisterProviderOrSubscriptionPermission();
}
+ if (account.hasCapabilities(PhoneAccount.CAPABILITY_CONNECTION_MANAGER)) {
+ enforceRegisterConnectionManagerPermission();
+ }
mPhoneAccountRegistrar.registerPhoneAccount(account);
} catch (Exception e) {
@@ -573,6 +578,10 @@
enforcePermission(REGISTER_PROVIDER_OR_SUBSCRIPTION);
}
+ private void enforceRegisterConnectionManagerPermission() {
+ enforcePermission(REGISTER_CONNECTION_MANAGER);
+ }
+
private void enforceReadPermission() {
enforcePermission(Manifest.permission.READ_PHONE_STATE);
}