diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 085872c644fcd..d848b2fcd161d 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -1265,6 +1265,14 @@
         android:description="@string/permdesc_bind_call_service"
         android:label="@string/permlab_bind_call_service" />
 
+    <!-- @SystemApi Allows an application to bind to ConnectionService implementations.
+         @hide -->
+    <permission android:name="android.permission.BIND_CONNECTION_SERVICE"
+                android:permissionGroup="android.permission-group.PHONE_CALLS"
+                android:protectionLevel="system|signature"
+                android:description="@string/permdesc_bind_connection_service"
+                android:label="@string/permlab_bind_connection_service" />
+
     <!-- ================================== -->
     <!-- Permissions for sdcard interaction -->
     <!-- ================================== -->
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
index 8065a9c50a97b..6262f13e78147 100644
--- a/core/res/res/values/strings.xml
+++ b/core/res/res/values/strings.xml
@@ -2116,6 +2116,11 @@
     <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
     <string name="permdesc_bind_call_service">Allows the app to control when and how the user sees the in-call screen.</string>
 
+    <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+    <string name="permlab_bind_connection_service">interact with telephony services</string>
+    <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+    <string name="permdesc_bind_connection_service">Allows the app to interact with telephony services to make/receive calls.</string>
+
     <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
     <string name="permlab_readNetworkUsageHistory">read historical network usage</string>
     <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
diff --git a/telecomm/java/android/telecomm/ConnectionService.java b/telecomm/java/android/telecomm/ConnectionService.java
index c2b401dbc909c..8ab5e1341ca0d 100644
--- a/telecomm/java/android/telecomm/ConnectionService.java
+++ b/telecomm/java/android/telecomm/ConnectionService.java
@@ -16,6 +16,7 @@
 
 package android.telecomm;
 
+import android.Manifest;
 import android.annotation.SdkConstant;
 import android.app.PendingIntent;
 import android.app.Service;
@@ -26,6 +27,8 @@ import android.os.Handler;
 import android.os.IBinder;
 import android.os.Looper;
 import android.os.Message;
+import android.os.Parcel;
+import android.os.RemoteException;
 import android.telephony.DisconnectCause;
 
 import com.android.internal.os.SomeArgs;
@@ -45,7 +48,6 @@ import java.util.Map;
  * Android device.
  */
 public abstract class ConnectionService extends Service {
-
     /**
      * The {@link Intent} that must be declared as handled by the service.
      */
@@ -81,6 +83,18 @@ public abstract class ConnectionService extends Service {
     private final ConnectionServiceAdapter mAdapter = new ConnectionServiceAdapter();
 
     private final IBinder mBinder = new IConnectionService.Stub() {
+        /**
+         * Enforces the requirement that all calls into the ConnectionService require the
+         * {@code BIND_CONNECTION_SERVICE} permission.
+         */
+        @Override
+        public boolean onTransact(int code, Parcel data, Parcel reply,
+                int flags) throws RemoteException
+        {
+            enforceBindConnectionServicePermission();
+            return super.onTransact(code, data, reply, flags);
+        }
+
         @Override
         public void addConnectionServiceAdapter(IConnectionServiceAdapter adapter) {
             mHandler.obtainMessage(MSG_ADD_CONNECTION_SERVICE_ADAPTER, adapter).sendToTarget();
@@ -617,7 +631,8 @@ public abstract class ConnectionService extends Service {
                     public void onError(String request, int code, String reason) {
                         // no-op
                     }
-                });
+                }
+        );
     }
 
     private void splitFromConference(String callId) {
@@ -830,4 +845,10 @@ public abstract class ConnectionService extends Service {
         return Connection.getNullConnection();
     }
 
+    /**
+     * Enforces the {@code BIND_CONNECTION_SERVICE} permission for connection service calls.
+     */
+    private void enforceBindConnectionServicePermission() {
+        enforceCallingPermission(Manifest.permission.BIND_CONNECTION_SERVICE, null);
+    }
 }