Permission check for ConnectionService PhoneAccounts. (1/2)
Adding permission check which ocurrs when registering a PhoneAccount.
The permission ensures the ConnectionService for the PhoneAccount
has BIND_CONNECTION_SERVICE permission.
Removed lookupServices method in ConnectionServiceRepository,
which was unused.
Set TestConnectionService service permission to BIND_CONNECTION_SERVICE.
Bug: 16171070
Change-Id: I5475a1af9e63deef9ceb3a549425a8c3b5f7e175
diff --git a/src/com/android/telecomm/PhoneAccountRegistrar.java b/src/com/android/telecomm/PhoneAccountRegistrar.java
index 71eb95b..f3a5a0b 100644
--- a/src/com/android/telecomm/PhoneAccountRegistrar.java
+++ b/src/com/android/telecomm/PhoneAccountRegistrar.java
@@ -16,9 +16,11 @@
package com.android.telecomm;
+import android.Manifest;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.content.pm.ResolveInfo;
+import android.content.pm.ServiceInfo;
import android.telecomm.ConnectionService;
import android.telecomm.PhoneAccount;
import android.telecomm.PhoneAccountHandle;
@@ -45,6 +47,7 @@
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.lang.SecurityException;
import java.lang.String;
import java.util.ArrayList;
import java.util.Iterator;
@@ -231,6 +234,15 @@
// TODO: Should we implement an artificial limit for # of accounts associated with a single
// ComponentName?
public void registerPhoneAccount(PhoneAccount account) {
+ // Enforce the requirement that a connection service for a phone account has the correct
+ // permission.
+ if (!phoneAccountHasPermission(account.getAccountHandle())) {
+ Log.w(this, "Phone account %s does not have BIND_CONNECTION_SERVICE permission.",
+ account.getAccountHandle());
+ throw new SecurityException(
+ "PhoneAccount connection service requires BIND_CONNECTION_SERVICE permission.");
+ }
+
mState.accounts.add(account);
// Search for duplicates and remove any that are found.
for (int i = 0; i < mState.accounts.size() - 1; i++) {
@@ -311,6 +323,27 @@
}
}
+ /**
+ * Determines if the connection service specified by a {@link PhoneAccountHandle} has the
+ * {@link Manifest.permission#BIND_CONNECTION_SERVICE} permission.
+ *
+ * @param phoneAccountHandle The phone account to check.
+ * @return {@code True} if the phone account has permission.
+ */
+ public boolean phoneAccountHasPermission(PhoneAccountHandle phoneAccountHandle) {
+ PackageManager packageManager = TelecommApp.getInstance().getPackageManager();
+ try {
+ ServiceInfo serviceInfo = packageManager.getServiceInfo(
+ phoneAccountHandle.getComponentName(), 0);
+
+ return serviceInfo.permission != null &&
+ serviceInfo.permission.equals(Manifest.permission.BIND_CONNECTION_SERVICE);
+ } catch (PackageManager.NameNotFoundException e) {
+ Log.w(this, "Name not found %s", e);
+ return false;
+ }
+ }
+
////////////////////////////////////////////////////////////////////////////////////////////////
// TODO: Add a corresponding has(...) method to class PhoneAccount itself and remove this one