From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Thomas Stuart Date: Mon, 21 Nov 2022 17:36:52 -0800 Subject: [PATCH] enforce stricter rules when registering phoneAccounts - include disable accounts when looking up accounts for a package to check if the limit is reached (10) - put a new limit of 10 supported schemes - put a new limit of 256 characters per scheme - put a new limit of 256 characters per address - ensure the Icon can write to memory w/o an exception bug: 259064622 bug: 256819769 Test: cts + unit Change-Id: I5eb2a127a44d5ec725d0ba39cb0ef478b12013de Merged-In: I5eb2a127a44d5ec725d0ba39cb0ef478b12013de (cherry picked from commit on googleplex-android-review.googlesource.com host: 56ef9e15506f71ae555a4535d5c0ac9bd3f587f1) Merged-In: I5eb2a127a44d5ec725d0ba39cb0ef478b12013de --- .../server/telecom/PhoneAccountRegistrar.java | 185 ++++++++++++++++-- .../server/telecom/TelecomServiceImpl.java | 4 +- .../tests/PhoneAccountRegistrarTest.java | 101 ++++++++++ .../telecom/tests/TelecomServiceImplTest.java | 2 +- 4 files changed, 276 insertions(+), 16 deletions(-) diff --git a/src/com/android/server/telecom/PhoneAccountRegistrar.java b/src/com/android/server/telecom/PhoneAccountRegistrar.java index 4bcd2e5c3..8e7826bd6 100644 --- a/src/com/android/server/telecom/PhoneAccountRegistrar.java +++ b/src/com/android/server/telecom/PhoneAccountRegistrar.java @@ -17,6 +17,7 @@ package com.android.server.telecom; import android.Manifest; +import android.annotation.NonNull; import android.content.ComponentName; import android.content.Context; import android.content.Intent; @@ -28,6 +29,7 @@ import android.graphics.Bitmap; import android.graphics.BitmapFactory; import android.graphics.drawable.Icon; import android.net.Uri; +import android.os.Binder; import android.os.Bundle; import android.os.AsyncTask; import android.os.PersistableBundle; @@ -137,9 +139,14 @@ public class PhoneAccountRegistrar { } private static final String FILE_NAME = "phone-account-registrar-state.xml"; + public static final String ICON_ERROR_MSG = + "Icon cannot be written to memory. Try compressing or downsizing"; @VisibleForTesting public static final int EXPECTED_STATE_VERSION = 9; public static final int MAX_PHONE_ACCOUNT_REGISTRATIONS = 10; + public static final int MAX_PHONE_ACCOUNT_EXTRAS_KEY_PAIR_LIMIT = 100; + public static final int MAX_PHONE_ACCOUNT_FIELD_CHAR_LIMIT = 256; + public static final int MAX_SCHEMES_PER_ACCOUNT = 10; /** Keep in sync with the same in SipSettings.java */ private static final String SIP_SHARED_PREFERENCES = "SIP_PREFERENCES"; @@ -630,12 +637,25 @@ public class PhoneAccountRegistrar { return getPhoneAccountHandles(0, null, packageName, false, userHandle); } + + /** + * includes disabled, includes crossUserAccess + */ + public List getAllPhoneAccountHandlesForPackage(UserHandle userHandle, + String packageName) { + return getPhoneAccountHandles(0, null, packageName, true /* includeDisabled */, userHandle); + } + + /** * Performs checks before calling addOrReplacePhoneAccount(PhoneAccount) * * @param account The {@code PhoneAccount} to add or replace. - * @throws SecurityException if package does not have BIND_TELECOM_CONNECTION_SERVICE permission + * @throws SecurityException if package does not have BIND_TELECOM_CONNECTION_SERVICE + * permission * @throws IllegalArgumentException if MAX_PHONE_ACCOUNT_REGISTRATIONS are reached + * @throws IllegalArgumentException if MAX_PHONE_ACCOUNT_FIELD_CHAR_LIMIT is reached + * @throws IllegalArgumentException if writing the Icon to memory will cause an Exception */ public void registerPhoneAccount(PhoneAccount account) { // Enforce the requirement that a connection service for a phone account has the correct @@ -647,21 +667,155 @@ public class PhoneAccountRegistrar { throw new SecurityException("PhoneAccount connection service requires " + "BIND_TELECOM_CONNECTION_SERVICE permission."); } - //Enforce an upper bound on the number of PhoneAccount's a package can register. - // Most apps should only require 1-2. - if (getPhoneAccountsForPackage( - account.getAccountHandle().getComponentName().getPackageName(), - account.getAccountHandle().getUserHandle()).size() + enforceCharacterLimit(account); + enforceIconSizeLimit(account); + enforceMaxPhoneAccountLimit(account); + addOrReplacePhoneAccount(account); + } + + /** + * Enforce an upper bound on the number of PhoneAccount's a package can register. + * Most apps should only require 1-2. * Include disabled accounts. + * + * @param account to enforce check on + * @throws IllegalArgumentException if MAX_PHONE_ACCOUNT_REGISTRATIONS are reached + */ + private void enforceMaxPhoneAccountLimit(@NonNull PhoneAccount account) { + final PhoneAccountHandle accountHandle = account.getAccountHandle(); + final UserHandle user = accountHandle.getUserHandle(); + final ComponentName componentName = accountHandle.getComponentName(); + + if (getPhoneAccountHandles(0, null, componentName.getPackageName(), + true /* includeDisabled */, user).size() >= MAX_PHONE_ACCOUNT_REGISTRATIONS) { - Log.w(this, "Phone account %s reached max registration limit for package", - account.getAccountHandle()); + EventLog.writeEvent(0x534e4554, "259064622", Binder.getCallingUid(), + "enforceMaxPhoneAccountLimit"); throw new IllegalArgumentException( "Error, cannot register phone account " + account.getAccountHandle() + " because the limit, " + MAX_PHONE_ACCOUNT_REGISTRATIONS + ", has been reached"); } + } + /** + * determine if there will be an issue writing the icon to memory + * + * @param account to enforce check on + * @throws IllegalArgumentException if writing the Icon to memory will cause an Exception + */ + @VisibleForTesting + public void enforceIconSizeLimit(PhoneAccount account) { + if (account.getIcon() == null) { + return; + } + String text = ""; + // convert the icon into a Base64 String + try { + text = XmlSerialization.writeIconToBase64String(account.getIcon()); + } catch (IOException e) { + EventLog.writeEvent(0x534e4554, "259064622", Binder.getCallingUid(), + "enforceIconSizeLimit"); + throw new IllegalArgumentException(ICON_ERROR_MSG); + } + } - addOrReplacePhoneAccount(account); + /** + * All {@link PhoneAccount} and{@link PhoneAccountHandle} String and Char-Sequence fields + * should be restricted to character limit of MAX_PHONE_ACCOUNT_CHAR_LIMIT to prevent exceptions + * when writing large character streams to XML-Serializer. + * + * @param account to enforce character limit checks on + * @throws IllegalArgumentException if MAX_PHONE_ACCOUNT_FIELD_CHAR_LIMIT reached + */ + public void enforceCharacterLimit(PhoneAccount account) { + if (account == null) { + return; + } + PhoneAccountHandle handle = account.getAccountHandle(); + + String[] fields = + {"Package Name", "Class Name", "PhoneAccountHandle Id", "Label", "ShortDescription", + "GroupId", "Address", "SubscriptionAddress"}; + CharSequence[] args = {handle.getComponentName().getPackageName(), + handle.getComponentName().getClassName(), handle.getId(), account.getLabel(), + account.getShortDescription(), account.getGroupId(), + (account.getAddress() != null ? account.getAddress().toString() : ""), + (account.getSubscriptionAddress() != null ? + account.getSubscriptionAddress().toString() : "")}; + + for (int i = 0; i < fields.length; i++) { + if (args[i] != null && args[i].length() > MAX_PHONE_ACCOUNT_FIELD_CHAR_LIMIT) { + EventLog.writeEvent(0x534e4554, "259064622", Binder.getCallingUid(), + "enforceCharacterLimit"); + throw new IllegalArgumentException("The PhoneAccount or PhoneAccountHandle" + + fields[i] + " field has an invalid character count. PhoneAccount and " + + "PhoneAccountHandle String and Char-Sequence fields are limited to " + + MAX_PHONE_ACCOUNT_FIELD_CHAR_LIMIT + " characters."); + } + } + + // Enforce limits on the URI Schemes provided + enforceLimitsOnSchemes(account); + + // Enforce limit on the PhoneAccount#mExtras + Bundle extras = account.getExtras(); + if (extras != null) { + if (extras.keySet().size() > MAX_PHONE_ACCOUNT_EXTRAS_KEY_PAIR_LIMIT) { + EventLog.writeEvent(0x534e4554, "259064622", Binder.getCallingUid(), + "enforceCharacterLimit"); + throw new IllegalArgumentException("The PhoneAccount#mExtras is limited to " + + MAX_PHONE_ACCOUNT_EXTRAS_KEY_PAIR_LIMIT + " (key,value) pairs."); + } + + for (String key : extras.keySet()) { + Object value = extras.get(key); + + if ((key != null && key.length() > MAX_PHONE_ACCOUNT_FIELD_CHAR_LIMIT) || + (value instanceof String && + ((String) value).length() > MAX_PHONE_ACCOUNT_FIELD_CHAR_LIMIT)) { + EventLog.writeEvent(0x534e4554, "259064622", Binder.getCallingUid(), + "enforceCharacterLimit"); + throw new IllegalArgumentException("The PhoneAccount#mExtras contains a String" + + " key or value that has an invalid character count. PhoneAccount and " + + "PhoneAccountHandle String and Char-Sequence fields are limited to " + + MAX_PHONE_ACCOUNT_FIELD_CHAR_LIMIT + " characters."); + } + } + } + } + + /** + * Enforce a character limit on all PA and PAH string or char-sequence fields. + * + * @param account to enforce check on + * @throws IllegalArgumentException if MAX_PHONE_ACCOUNT_FIELD_CHAR_LIMIT reached + */ + @VisibleForTesting + public void enforceLimitsOnSchemes(@NonNull PhoneAccount account) { + List schemes = account.getSupportedUriSchemes(); + + if (schemes == null) { + return; + } + + if (schemes.size() > MAX_SCHEMES_PER_ACCOUNT) { + EventLog.writeEvent(0x534e4554, "259064622", Binder.getCallingUid(), + "enforceLimitsOnSchemes"); + throw new IllegalArgumentException( + "Error, cannot register phone account " + account.getAccountHandle() + + " because the URI scheme limit of " + + MAX_SCHEMES_PER_ACCOUNT + " has been reached"); + } + + for (String scheme : schemes) { + if (scheme.length() > MAX_PHONE_ACCOUNT_FIELD_CHAR_LIMIT) { + EventLog.writeEvent(0x534e4554, "259064622", Binder.getCallingUid(), + "enforceLimitsOnSchemes"); + throw new IllegalArgumentException( + "Error, cannot register phone account " + account.getAccountHandle() + + " because the max scheme limit of " + + MAX_PHONE_ACCOUNT_FIELD_CHAR_LIMIT + " has been reached"); + } + } } /** @@ -1374,17 +1528,20 @@ public class PhoneAccountRegistrar { protected void writeIconIfNonNull(String tagName, Icon value, XmlSerializer serializer) throws IOException { if (value != null) { - ByteArrayOutputStream stream = new ByteArrayOutputStream(); - value.writeToStream(stream); - byte[] iconByteArray = stream.toByteArray(); - String text = Base64.encodeToString(iconByteArray, 0, iconByteArray.length, 0); - + String text = writeIconToBase64String(value); serializer.startTag(null, tagName); serializer.text(text); serializer.endTag(null, tagName); } } + public static String writeIconToBase64String(Icon icon) throws IOException { + ByteArrayOutputStream stream = new ByteArrayOutputStream(); + icon.writeToStream(stream); + byte[] iconByteArray = stream.toByteArray(); + return Base64.encodeToString(iconByteArray, 0, iconByteArray.length, 0); + } + protected void writeLong(String tagName, long value, XmlSerializer serializer) throws IOException { serializer.startTag(null, tagName); diff --git a/src/com/android/server/telecom/TelecomServiceImpl.java b/src/com/android/server/telecom/TelecomServiceImpl.java index e3e0a8511..2f9ffdbc4 100644 --- a/src/com/android/server/telecom/TelecomServiceImpl.java +++ b/src/com/android/server/telecom/TelecomServiceImpl.java @@ -59,7 +59,9 @@ import com.android.server.telecom.settings.BlockedNumbersActivity; import java.io.FileDescriptor; import java.io.PrintWriter; import java.util.Collections; +import java.util.HashSet; import java.util.List; +import java.util.Set; // TODO: Needed for move to system service: import com.android.internal.R; @@ -263,7 +265,7 @@ public class TelecomServiceImpl { try { Log.startSession("TSI.gPAFP"); return new ParceledListSlice<>(mPhoneAccountRegistrar - .getPhoneAccountsForPackage(packageName, callingUserHandle)); + .getAllPhoneAccountHandlesForPackage(callingUserHandle, packageName)); } catch (Exception e) { Log.e(this, e, "getPhoneAccountsForPackage %s", packageName); throw e; diff --git a/tests/src/com/android/server/telecom/tests/PhoneAccountRegistrarTest.java b/tests/src/com/android/server/telecom/tests/PhoneAccountRegistrarTest.java index a98712c24..d831196f9 100644 --- a/tests/src/com/android/server/telecom/tests/PhoneAccountRegistrarTest.java +++ b/tests/src/com/android/server/telecom/tests/PhoneAccountRegistrarTest.java @@ -50,12 +50,24 @@ import java.io.BufferedOutputStream; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.File; +import java.io.IOException; +import java.io.OutputStream; import java.util.Arrays; import java.util.List; import java.util.Set; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.ArgumentMatchers.anyObject; +import static org.mockito.ArgumentMatchers.isA; import static org.mockito.Matchers.anyInt; import static org.mockito.Matchers.anyString; +import static org.mockito.Mockito.clearInvocations; +import static org.mockito.Mockito.doThrow; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.never; +import static org.mockito.Mockito.spy; +import static org.mockito.Mockito.times; +import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; public class PhoneAccountRegistrarTest extends TelecomTestCase { @@ -63,6 +75,9 @@ public class PhoneAccountRegistrarTest extends TelecomTestCase { private static final int MAX_VERSION = Integer.MAX_VALUE; private static final String FILE_NAME = "phone-account-registrar-test-1223.xml"; private static final String TEST_LABEL = "right"; + private static final String TEST_ID = "123"; + private final String PACKAGE_1 = "PACKAGE_1"; + private final String PACKAGE_2 = "PACKAGE_2"; private PhoneAccountRegistrar mRegistrar; @Mock private TelecomManager mTelecomManager; @Mock private DefaultDialerCache mDefaultDialerCache; @@ -764,6 +779,92 @@ public class PhoneAccountRegistrarTest extends TelecomTestCase { assertTrue(accounts.get(5).getLabel().toString().equals("b")); } + /** + * Ensure an IllegalArgumentException is thrown when adding more than 10 schemes for a single + * account + */ + @Test + public void testLimitOnSchemeCount() { + PhoneAccountHandle handle = makeQuickAccountHandle(TEST_ID); + PhoneAccount.Builder builder = new PhoneAccount.Builder(handle, TEST_LABEL); + for (int i = 0; i < PhoneAccountRegistrar.MAX_PHONE_ACCOUNT_REGISTRATIONS + 1; i++) { + builder.addSupportedUriScheme(Integer.toString(i)); + } + try { + mRegistrar.enforceLimitsOnSchemes(builder.build()); + fail("should have hit exception in enforceLimitOnSchemes"); + } catch (IllegalArgumentException e) { + // pass test + } + } + + /** + * Ensure an IllegalArgumentException is thrown when adding more 256 chars for a single + * account + */ + @Test + public void testLimitOnSchemeLength() { + PhoneAccountHandle handle = makeQuickAccountHandle(TEST_ID); + PhoneAccount.Builder builder = new PhoneAccount.Builder(handle, TEST_LABEL); + builder.addSupportedUriScheme(generateStringOfLen(257)); + try { + mRegistrar.enforceLimitsOnSchemes(builder.build()); + fail("should have hit exception in enforceLimitOnSchemes"); + } catch (IllegalArgumentException e) { + // pass test + } + } + + /** + * Ensure an IllegalArgumentException is thrown when adding an address over the limit + */ + @Test + public void testLimitOnAddress() { + String text = generateStringOfLen(100); + PhoneAccountHandle handle = makeQuickAccountHandle(TEST_ID); + PhoneAccount.Builder builder = new PhoneAccount.Builder(handle,TEST_LABEL) + .setAddress(Uri.fromParts(text, text, text)); + try { + mRegistrar.enforceCharacterLimit(builder.build()); + fail("failed to throw IllegalArgumentException"); + } catch (IllegalArgumentException e) { + // pass test + } + finally { + mRegistrar.unregisterPhoneAccount(handle); + } + } + + /** + * Ensure an IllegalArgumentException is thrown when an Icon that throws an IOException is given + */ + @Test + public void testLimitOnIcon() throws Exception { + Icon mockIcon = mock(Icon.class); + // GIVEN + PhoneAccount.Builder builder = new PhoneAccount.Builder( + makeQuickAccountHandle(TEST_ID), TEST_LABEL).setIcon(mockIcon); + try { + // WHEN + Mockito.doThrow(new IOException()) + .when(mockIcon).writeToStream(any(OutputStream.class)); + //THEN + mRegistrar.enforceIconSizeLimit(builder.build()); + fail("failed to throw IllegalArgumentException"); + } catch (IllegalArgumentException e) { + // pass test + assertTrue(e.getMessage().contains(PhoneAccountRegistrar.ICON_ERROR_MSG)); + } + } + + private String generateStringOfLen(int len){ + StringBuilder sb = new StringBuilder(); + for(int i=0; i < len; i++){ + sb.append("a"); + } + return sb.toString(); + } + private static ComponentName makeQuickConnectionServiceComponentName() { return new ComponentName( "com.android.server.telecom.tests", diff --git a/tests/src/com/android/server/telecom/tests/TelecomServiceImplTest.java b/tests/src/com/android/server/telecom/tests/TelecomServiceImplTest.java index afeb7122b..1d46f1abb 100644 --- a/tests/src/com/android/server/telecom/tests/TelecomServiceImplTest.java +++ b/tests/src/com/android/server/telecom/tests/TelecomServiceImplTest.java @@ -346,7 +346,7 @@ public class TelecomServiceImplTest extends TelecomTestCase { add(SIP_PA_HANDLE_17); }}; when(mFakePhoneAccountRegistrar - .getPhoneAccountsForPackage(anyString(), any(UserHandle.class))) + .getAllPhoneAccountHandlesForPackage(any(UserHandle.class), anyString())) .thenReturn(phoneAccountHandleList); makeAccountsVisibleToAllUsers(TEL_PA_HANDLE_16, SIP_PA_HANDLE_17); assertEquals(phoneAccountHandleList,