Comparing changes

base repository: LineageOS/android_packages_services_Telecomm
base: lineage-16.0
head repository: lineageos-resurrected/android_packages_services_Telecomm
compare: lineage-16.0
  • 10 commits
  • 18 files changed
  • 6 contributors

Commits on Jul 4, 2024

  1. limit TelecomManager#registerPhoneAccount to 10

    bug: 209814693
    Bug: 217934478
    Test: CTS
    Change-Id: I3042a3973dd0dcc8d2fdc96c23d6d41522dc00af
    Merged-In: I3042a3973dd0dcc8d2fdc96c23d6d41522dc00af
    (cherry picked from commit eb3394e)
    Merged-In: I3042a3973dd0dcc8d2fdc96c23d6d41522dc00af
    Thomas Stuart authored and Ella committed Jul 4, 2024
    2461ed3
  2. Resolve StatusHints image exploit across user.

    Because of the INTERACT_ACROSS_USERS permission, an app that implements
    a ConnectionService can upload an image icon belonging to another user
    by setting it in the StatusHints. Validating the construction of the
    StatusHints on the calling user would prevent a malicious app from
    registering a connection service with the embedded image icon from a
    different user.
    
    From additional feedback, this CL also addresses potential
    vulnerabilities in an app being able to directly invoke the binder for a
    means to manipulate the contents of the bundle that are passed with it.
    The targeted points of entry are in ConnectionServiceWrapper for the
    following APIs: handleCreateConnectionComplete, setStatusHints,
    addConferenceCall, and addExistingConnection.
    
    Fixes: 280797684
    Test: Manual (verified that original exploit is no longer an issue).
    Test: Unit test for validating image in StatusHints constructor.
    Test: Unit tests to address vulnerabilities via the binder.
    (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:49d19dd265bee669b230efa29bf98c83650efea6)
    Merged-In: Ie1f6a8866d31d5f1099dd0630cf8e9ee782d389c
    Change-Id: Ie1f6a8866d31d5f1099dd0630cf8e9ee782d389c
    Pranav Madapurmath authored and Ella committed Jul 4, 2024
    5b5cb7c
  3. Fix security vulnerability when register phone accounts.

    Currently if the registered self-managed phone account is updated to a call
    provider phone account, the enable state will be directly copied to the
    updated one so that a malicious app can perform a call spoofing attack
    without any permission requirements. Fix this by disallowing changing a
    self-managed phone account to a managed phone account.
    
    Bug: 246930197
    Test: CtsTelecomTestCases:SelfManagedConnectionSreviceTest
    Change-Id: I8f7984cd491632b3219133044438b82ca4dec80e
    Merged-In: I8f7984cd491632b3219133044438b82ca4dec80e
    (cherry picked from commit 833dd84)
    Merged-In: I8f7984cd491632b3219133044438b82ca4dec80e
    Grace Jia authored and Ella committed Jul 4, 2024
    426a30c
  4. switch TelecomManager List getters to ParceledListSlice

    It was shown that given large phoneAccountHandles that are
    over 1 mb, a TransactionTooLarge exception can be silently thrown,
    causing an empty list to be returned.
    
    In order to prevent this behavior, all Lists that return a
    PhoneAccountHandle or PhoneAccount have been switched to
    ParceledListSlice.
    
    bug: 236263294
    Test: atest android.telecom.cts.PhoneAccountRegistrarTest
                 #testRegisterPhoneAccountHandleWithFieldOverLimit
    Change-Id: Ibc3814dabd59cf9f0f9505b88f2146a4c3c5e015
    Merged-In: Ibc3814dabd59cf9f0f9505b88f2146a4c3c5e015
    (cherry picked from commit 960147d)
    Merged-In: Ibc3814dabd59cf9f0f9505b88f2146a4c3c5e015
    Thomas Stuart authored and Ella committed Jul 4, 2024
    020e747
  5. Handle null bindings returned from ConnectionService.

    When a ConnectionService returns a null binding, immediately unbind from
    the ConnectionService and cancel any ongoing calls related to it.
    
    Bug: 211114016
    Test: Added new CTS test to verify auto unbind from null binding ConnectionService.
    Test: Manually tested using test app which implements null binding ConnectionService and verified via telecom log inspection that the service is unbound and the call is terminated.
    Change-Id: I0757557e66725dddfd871cd9857071a8749bd7ba
    (cherry picked from commit 410ce02)
    Merged-In: I0757557e66725dddfd871cd9857071a8749bd7ba
    Tyler Gunn authored and Ella committed Jul 4, 2024
    77128e0
  6. Hide overlay windows when showing phone account enable/disable screen.

    Hide any system alert window overlays when the screen that lets the user
    enable/disable phone accounts is shown.
    
    Test: Manual test with overlay shown from test app; verify that the overlay
    is hidden when the phone account selection screen is opened.
    Bug: 246933359
    
    Change-Id: Ia0209d57ee9a672cde4196076845d77941dc3f68
    (cherry picked from commit a7d57ac)
    Merged-In: Ia0209d57ee9a672cde4196076845d77941dc3f68
    Tyler Gunn authored and Ella committed Jul 4, 2024
    b8ef463
  7. enforce stricter rules when registering phoneAccounts

    - include disabled accounts when looking up accounts for a package to
      check if the limit is reached (10)
    - put a new limit of 10 supported schemes
    - put a new limit of 256 characters per scheme
    - put a new limit of 256 characters per address
    - ensure the Icon can write to memory w/o an exception
    
    bug: 259064622
    bug: 256819769
    Test: cts + unit
    Change-Id: I5eb2a127a44d5ec725d0ba39cb0ef478b12013de
    Merged-In: I5eb2a127a44d5ec725d0ba39cb0ef478b12013de
    (cherry picked from commit on googleplex-android-review.googlesource.com host: 56ef9e1)
    Merged-In: I5eb2a127a44d5ec725d0ba39cb0ef478b12013de
    Thomas Stuart authored and Ella committed Jul 4, 2024
    02a57b2
  8. Resolve account image icon profile boundary exploit.

    Because Telecom grants the INTERACT_ACROSS_USERS permission, an exploit
    is possible where the user can upload an image icon (belonging to
    another user) via registering a phone account. This CL provides a
    lightweight solution for parsing the image URI to detect profile
    exploitation.
    
    Fixes: 273502295 | AOSP
    Fixes: 296915211 | AOSP
    Test: Unit test to enforce successful/failure path
    (cherry picked from commit d0d1d38 | AOSP)
    (cherry picked from commit e7d0ca3 | AOSP)
    (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a604311f86ea8136ca2ac9f9ff0af7fa57ee3f42)
    Merged-In: I2b6418f019a373ee9f02ba8683e5b694e7ab80a5 | AOSP
    Change-Id: I2b6418f019a373ee9f02ba8683e5b694e7ab80a5 | AOSP
    Ella committed Jul 4, 2024
    9d25470

Commits on Nov 27, 2024

  1. DO NOT MERGE Unbind CS if connection is not created within 15 seconds.

    This CL adds a check to ensure that connection creation occurs within 15 seconds after binding to that ConnectionService. If the connection/conference is not created in that timespan, this CL adds logic to manually unbind the ConnectionService at that point in time. This prevents malicious apps from keeping a declared permission in forever even in the background.
    
    Bug: 293458004
    Test: manually using the provided apk + atest CallsManagerTest
    Flag: EXEMPT Security High/Critical Severity CVE
    (cherry picked from commit 7aa55ff)
    (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:286781dfcb78d8b5c1a77f2390f5251f01943add)
    Merged-In: I30caed1481dff5af2223a8ff589846597cee8229
    Change-Id: I30caed1481dff5af2223a8ff589846597cee8229
    Grant Menke authored and Lost-Entrepreneur439 committed Nov 27, 2024
    fc4393f

Commits on Mar 17, 2025

  1. Resolve cross account user icon validation.

    Resolves a vulnerability found with the cross account user icon
    validation in StatusHint and TelecomServiceImpl (when registering a
    phone account). The reporter found that a URI formatted as `userId%`
    isn't parsed properly with the existing reference to Uri.encodedUserInfo.
    
    Bug: 376461551
    Bug: 376259166
    Flag: EXEMPT bugfix
    Test: atest TelecomServiceImplTest
    (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:4c046b179d4bdffa6d35f9637b0f4cc359a67451)
    Merged-In: I7a5f64ae01eaf6a133ea04c51bd00dbe1653b74f
    Change-Id: I7a5f64ae01eaf6a133ea04c51bd00dbe1653b74f
    Pranav Madapurmath authored and Lost-Entrepreneur439 committed Mar 17, 2025
    fcac1ac