Upgrade to Pro — share decks privately, control downloads, hide ads and more …

A trip through the Emergency Dialer

A trip through the Emergency Dialer

In an emergency, you don't want your emergency dialer to just not work. Android needs to take into account many edge cases to ensure you won't be left stranded in an emergency situation.

For this presentation, I dove deep into the code for Android's emergency dialer to try to come up with the worst of the worst edge cases.

Justin Mancinelli

August 25, 2017
Tweet

More Decks by Justin Mancinelli

Other Decks in Technology

Transcript

  1. An almost worst case scenario • Stock AOSP on phone

    • Locale is US • In Thailand (on vacation) • SIM is broken • No Wi-Fi • Location Services turned off [email protected]
  2. Pre-process the number 1. Dial 191 (landline short number for

    police in Thailand) 2. Check config_convert_to_emergency_number_map to instead call 112 (mobile short number for emergencies in Thailand) → FAIL, mapping doesn’t exist 3. Pass number to next step [email protected]
  3. Get the callers current country 4. Get it from the

    mobile network → FAIL, radio not connected to an operator 5. Get it from location services → FAIL, location services is disabled 6. Get it from the SIM → FAIL, can’t read the SIM 7. Get it from the phone’s locale → US [email protected]
  4. Process the number 8. If it’s a SIP address (a

    URI containing an “@“ for addressing a VoIP phone extension), it’s not an emergency number → PASS, 191 doesn’t contain “@” 9. Extract the dialable portion of the number from numbers that contain letters or other non-dialable characters (e.g.’abc911def' becomes 911) → 191 [email protected]
  5. Check if number is an explicitly set emergency number 10.

    Check the list of emergency numbers from ril.ecclist (written by SIM, OEM code or other apps) → FAIL, this list is empty*† 11. Check the list of emergency numbers from ro.ril.ecclist (written when OS is built) → FAIL, this list is empty*‡ [email protected] * If either ril.ecclist or ro.ril.ecclist is not empty, it will also check to see if you are in Brazil where only exact matches are accepted † If this weren’t empty, ro.ril.ecclist would not be checked ‡ This is a read-only list of emergency numbers
  6. Check if number is some other known emergency number or

    short code 12. Check against emergency numbers from 3GPP TS22.101 since SIM is not present → FAIL, 191 not in list* 13. Fail if the number starts with a ‘+’ because “we don’t believe that works” → No problem 14. Check against list of shortcodes from wikipedia, governments, and other sources† → TRUE, 191 matches [email protected] * If there is a SIM card, 112 and 911 will be checked if the ecclists previously are empty † This time Brazil, Chile, and Nicaragua require an exact match
  7. Make the call 15. Perform a lot of double checking

    that this is an emergency number and that the app making the call has CALL_EMERGENCY permission* → PASS 16. Don’t give 3rd party apps time to cancel or redirect the call 17. Disable the BlockedNumberContract for 2 hours in case you have blocked an emergency callback number† 18. …‡ 19. Send commands to modem to call the number 20. Network does whatever it wants with the number§ [email protected] * Apps with CALL_EMERGENCY permission can only call emergency numbers. And when regular apps that have system privileges call a likely emergency number the intent is changed from ACTION_CALL_PRIVILEGED to ACTION_CALL_EMERGENCY † Default is 2 hours, this can be configured to between 0 and 1 week ‡ http://www.voidcn.com/article/p-nofebciq-ng.html follows the code a bit farther § I accidentally dialled 911 twice because of testing 192 (a Brazilian shortcode) and 555-5555 (the quintessential fake number)