Skip to content

Commit

Permalink
Unbind CallScreeningService when timeout reached.
Browse files Browse the repository at this point in the history
In a vulnerability, the exploiter showed that an app which implements a
service with role holding ROLE_CALL_SCREENING can be used to keep a
service alive. The assumption is that the CallScreeningService class
uses MSG_SCREEN_CALL to screen the call and results in the service being
unbound for outgoing calls once screening completes. However, a vanilla
service which holds the ROLE_CALL_SCREENING role can still be used as
the default call screening app which keeps the service alive.

This CL ensures that after the timeout is reached that we try to unbind
the service if possible.

Bug: 300904123
Test: Manual test to verify that onDestroy is called for the service
after the timeout is reached.

(cherry picked from commit 9d97cd5825066ac8e15bbf97f6755663c5341afb)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:d57f25311acb7fb887fb0296364526345cc905bb)
Merged-In: I30d276867c571ece113106d3b363fce99d64f441
Change-Id: I30d276867c571ece113106d3b363fce99d64f441
  • Loading branch information
Pranav Madapurmath authored and aoleary committed Sep 17, 2024
1 parent 52282f9 commit 230d246
Showing 1 changed file with 4 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -176,6 +176,10 @@ public void onNullBinding(ComponentName name) {
Log.w(TAG, "Cancelling call id process due to timeout");
}
mFuture.complete(null);
mContext.unbindService(serviceConnection);
} catch (IllegalArgumentException e) {
Log.i(this, "Exception when unbinding service %s : %s", serviceConnection,
e.getMessage());
} finally {
Log.endSession();
}
Expand Down

0 comments on commit 230d246

Please sign in to comment.