author | Meng Wang <mewan@google.com> | 2020-12-23 15:43:10 -0800 |
---|---|---|
committer | Meng Wang <mewan@google.com> | 2020-12-23 15:43:10 -0800 |
commit | 9990ecec934fab5787bf752f7474568eae2a5599 (patch) | |
tree | 78ba7a7d4b832e93aca551f83b90cca51a2aa383 | |
parent | 9fc348c9b9c4bd15e5d46ca3c0e9f694f279cdf9 (diff) |
Allow platform app to use USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER permission
This permission is intended for 3rd party apps only with appops,
but it's not allowed to say 'appop' without 'signature' as
android:protectionLevel. So also honor platform key signed app using
this permission.
Bug: 174263375
Test: `atest android.telephony.cts.TelephonyManagerTest#testTelephonyManager` pass on crosshatch
Change-Id: I889c9342cae09ffeeb028cede30f59f2b35b4ea7
-rw-r--r-- | telephony/common/com/android/internal/telephony/TelephonyPermissions.java | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/telephony/common/com/android/internal/telephony/TelephonyPermissions.java b/telephony/common/com/android/internal/telephony/TelephonyPermissions.java
index 515d329adf2e..48a5ab6d204b 100644
--- a/telephony/common/com/android/internal/telephony/TelephonyPermissions.java
+++ b/telephony/common/com/android/internal/telephony/TelephonyPermissions.java
@@ -405,6 +405,10 @@ public final class TelephonyPermissions {
 */
 public static boolean checkCallingOrSelfUseIccAuthWithDeviceIdentifier(Context context,
 String callingPackage, String callingFeatureId, String message) {
+ // The implementation follows PermissionChecker.checkAppOpPermission, but it cannot be
+ // used directly: because it uses noteProxyOpNoThrow which requires the phone process
+ // having the permission, which doesn't make sense since phone process is the ower of
+ // data/action.
 // Cannot perform appop check if the calling package is null
 if (callingPackage == null) {
 return false;
@@ -413,7 +417,17 @@ public final class TelephonyPermissions {
 AppOpsManager appOps = (AppOpsManager) context.getSystemService(Context.APP_OPS_SERVICE);
 int opMode = appOps.noteOpNoThrow(AppOpsManager.OPSTR_USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER,
 callingUid, callingPackage, callingFeatureId, message);
- return opMode == AppOpsManager.MODE_ALLOWED;
+ switch (opMode) {
+ case AppOpsManager.MODE_ALLOWED:
+ case AppOpsManager.MODE_FOREGROUND:
+ return true;
+ case AppOpsManager.MODE_DEFAULT:
+ return context.checkCallingOrSelfPermission(
+ Manifest.permission.USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER)
+ == PERMISSION_GRANTED;
+ default:
+ return false;
+ }
 }

 /** |
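Review bot: The comment added at the top of `checkCallingOrSelfUseIccAuthWithDeviceIdentifier` has a typo ("ower") and is hard to parse around "cannot be used directly: because it uses". Suggested wording with the same meaning: `// Mirrors PermissionChecker.checkAppOpPermission, which cannot be called directly: it uses`, `// noteProxyOpNoThrow, which requires the phone process itself to hold the permission even`, `// though the phone process is the owner of the data/action.` The method's Javadoc ends just above the hunk and is not visible here. If it still describes only an appop check, it should also mention the permission fallback that the second hunk adds. The method body continues outside this hunk.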
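Review bot: The `MODE_DEFAULT` branch falls back to `context.checkCallingOrSelfPermission(...)`, which resolves the caller from the current Binder identity rather than the `callingUid` already passed to `noteOpNoThrow`. If this method is ever reached outside an incoming call, or after the calling identity was cleared, the check runs against the phone process itself, which presumably holds the platform-signature permission and would pass. Tying both checks to one identity avoids that, e.g. `return context.checkPermission(Manifest.permission.USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER, Binder.getCallingPid(), callingUid) == PERMISSION_GRANTED;`. The declaration of `callingUid` is outside the hunk, so confirm it comes from `Binder.getCallingUid()`. A short comment on why `MODE_FOREGROUND` returns true without any foreground-state check would also help, since that case is newly accepted here.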