mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-15 02:44:23 -05:00
082bc48c32
https://review.lineageos.org/q/topic:P_asb_2022-05 https://review.lineageos.org/q/topic:P_asb_2022-06 https://review.lineageos.org/q/topic:P_asb_2022-07 https://review.lineageos.org/q/topic:P_asb_2022-08 https://review.lineageos.org/q/topic:P_asb_2022-09 https://review.lineageos.org/q/topic:P_asb_2022-10 https://review.lineageos.org/q/topic:P_asb_2022-11 https://review.lineageos.org/q/topic:P_asb_2022-12 https://review.lineageos.org/q/topic:P_asb_2023-01 https://review.lineageos.org/q/topic:P_asb_2023-02 https://review.lineageos.org/q/topic:P_asb_2023-03 https://review.lineageos.org/q/topic:P_asb_2023-04 https://review.lineageos.org/q/topic:P_asb_2023-05 https://review.lineageos.org/q/topic:P_asb_2023-06 https://review.lineageos.org/q/topic:P_asb_2023-07 accounted for via manifest change: https://review.lineageos.org/c/LineageOS/android_external_freetype/+/361250 https://review.lineageos.org/q/topic:P_asb_2023-08 accounted for via manifest change: https://review.lineageos.org/c/LineageOS/android_external_freetype/+/364606 accounted for via patches: https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/365328 https://review.lineageos.org/q/topic:P_asb_2023-09 https://review.lineageos.org/q/topic:P_asb_2023-10 https://review.lineageos.org/q/topic:P_asb_2023-11 accounted for via patches: https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/374916 https://review.lineageos.org/q/topic:P_asb_2023-12 https://review.lineageos.org/q/topic:P_asb_2024-01 https://review.lineageos.org/q/topic:P_asb_2024-02 https://review.lineageos.org/q/topic:P_asb_2024-03 https://review.lineageos.org/q/topic:P_asb_2024-04 Signed-off-by: Tavi <tavi@divested.dev>
62 lines
2.8 KiB
Diff
62 lines
2.8 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Grace Jia <xiaotonj@google.com>
|
|
Date: Thu, 22 Sep 2022 14:20:57 -0700
|
|
Subject: [PATCH] Fix security vulnerability when register phone accounts.
|
|
|
|
Currently if the registered self-managed phone account updated to a call
|
|
provider phone account, the enable state will be directly copied to the
|
|
updated one so that malicious app can perform call spoofing attack
|
|
without any permission requirements. Fix this by disallowing change a
|
|
self-managed phone account to a managed phone account.
|
|
|
|
Bug: 246930197
|
|
Test: CtsTelecomTestCases:SelfManagedConnectionSreviceTest
|
|
Change-Id: I8f7984cd491632b3219133044438b82ca4dec80e
|
|
Merged-In: I8f7984cd491632b3219133044438b82ca4dec80e
|
|
(cherry picked from commit 833dd8480adc773e36d388521a14fd8cd11d6a30)
|
|
Merged-In: I8f7984cd491632b3219133044438b82ca4dec80e
|
|
---
|
|
.../server/telecom/PhoneAccountRegistrar.java | 15 +++++++++++++++
|
|
1 file changed, 15 insertions(+)
|
|
|
|
diff --git a/src/com/android/server/telecom/PhoneAccountRegistrar.java b/src/com/android/server/telecom/PhoneAccountRegistrar.java
|
|
index b94e5b85a..0864683be 100644
|
|
--- a/src/com/android/server/telecom/PhoneAccountRegistrar.java
|
|
+++ b/src/com/android/server/telecom/PhoneAccountRegistrar.java
|
|
@@ -48,6 +48,7 @@ import android.telephony.TelephonyManager;
|
|
import android.text.TextUtils;
|
|
import android.util.AtomicFile;
|
|
import android.util.Base64;
|
|
+import android.util.EventLog;
|
|
import android.util.Xml;
|
|
|
|
// TODO: Needed for move to system service: import com.android.internal.R;
|
|
@@ -702,6 +703,7 @@ public class PhoneAccountRegistrar {
|
|
|
|
PhoneAccount oldAccount = getPhoneAccountUnchecked(account.getAccountHandle());
|
|
if (oldAccount != null) {
|
|
+ enforceSelfManagedAccountUnmodified(account, oldAccount);
|
|
mState.accounts.remove(oldAccount);
|
|
isEnabled = oldAccount.isEnabled();
|
|
Log.i(this, "Modify account: %s", getAccountDiffString(account, oldAccount));
|
|
@@ -760,6 +762,19 @@ public class PhoneAccountRegistrar {
|
|
}
|
|
}
|
|
|
|
+ private void enforceSelfManagedAccountUnmodified(PhoneAccount newAccount,
|
|
+ PhoneAccount oldAccount) {
|
|
+ if (oldAccount.hasCapabilities(PhoneAccount.CAPABILITY_SELF_MANAGED) &&
|
|
+ (!newAccount.hasCapabilities(PhoneAccount.CAPABILITY_SELF_MANAGED))) {
|
|
+ EventLog.writeEvent(0x534e4554, "246930197");
|
|
+ Log.w(this, "Self-managed phone account %s replaced by a non self-managed one",
|
|
+ newAccount.getAccountHandle());
|
|
+ throw new IllegalArgumentException("Error, cannot change a self-managed "
|
|
+ + "phone account " + newAccount.getAccountHandle()
|
|
+ + " to other kinds of phone account");
|
|
+ }
|
|
+ }
|
|
+
|
|
/**
|
|
* Un-registers all phone accounts associated with a specified package.
|
|
*
|