diff options
author | Michael Groover <mpgroover@google.com> | 2020-03-04 20:41:36 -0800 |
---|---|---|
committer | Michael Groover <mpgroover@google.com> | 2020-03-19 20:42:47 +0000 |
commit | 56a84b26f4b5f195ad5157fa99b46f72aab496a4 (patch) | |
tree | 9bbba97632414c6c7f0e4e0922a87eaa1c88c60c /telephony/common/com | |
parent | 215bb80b3fa01edbc68f655fbe9f418a1d178c04 (diff) |
Refactor device ID access SystemAPI to PermissionManager
Based on feedback during the API review of the new SystemAPI for
telephony to check device identifier access the method was moved
from DevicePolicyManager to a more generic location to perform
the non-subscriber portions of the check.
Bug: 147761267
Test: atest TelephonyPermissionsTest
Test: atest PermissionManagerServiceTest
Test: atest DeviceIdentifierTest
Test: atest DeviceOwnerTest#testDeviceOwnerCanGetDeviceIdentifiers
Test: atest TelephonyManagerTest
Test: atest DeviceOwnerTest#testDeviceOwnerCannotGetDeviceIdentifiersWithoutPermission
Test: atest ManagedProfileTest#testProfileOwnerOnPersonalDeviceCannotGetDeviceIdentifiers
Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testProfileOwnerCannotGetDeviceIdentifiersWithoutPermission
Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testProfileOwnerCanGetDeviceIdentifiers
Change-Id: Ic1867dad0b2369f2dc1a7d31facb65f89131376f
Diffstat (limited to 'telephony/common/com')
-rw-r--r-- | telephony/common/com/android/internal/telephony/TelephonyPermissions.java | 38 |
1 files changed, 5 insertions, 33 deletions
diff --git a/telephony/common/com/android/internal/telephony/TelephonyPermissions.java b/telephony/common/com/android/internal/telephony/TelephonyPermissions.java index 68b17688c22e..0b331744d922 100644 --- a/telephony/common/com/android/internal/telephony/TelephonyPermissions.java +++ b/telephony/common/com/android/internal/telephony/TelephonyPermissions.java @@ -20,7 +20,6 @@ import static android.content.pm.PackageManager.PERMISSION_GRANTED; import android.Manifest; import android.annotation.Nullable; import android.app.AppOpsManager; -import android.app.admin.DevicePolicyManager; import android.content.Context; import android.content.pm.ApplicationInfo; import android.content.pm.PackageManager; @@ -28,6 +27,7 @@ import android.os.Binder; import android.os.Build; import android.os.Process; import android.os.UserHandle; +import android.permission.PermissionManager; import android.telephony.SubscriptionManager; import android.telephony.TelephonyManager; import android.util.Log; @@ -303,14 +303,10 @@ public final class TelephonyPermissions { String message, boolean allowCarrierPrivilegeOnAnySub) { int uid = Binder.getCallingUid(); int pid = Binder.getCallingPid(); - // Allow system and root access to the device identifiers. - final int appId = UserHandle.getAppId(uid); - if (appId == Process.SYSTEM_UID || appId == Process.ROOT_UID) { - return true; - } - // Allow access to packages that have the READ_PRIVILEGED_PHONE_STATE permission. - if (context.checkPermission(android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE, pid, - uid) == PackageManager.PERMISSION_GRANTED) { + PermissionManager permissionManager = (PermissionManager) context.getSystemService( + Context.PERMISSION_SERVICE); + if (permissionManager.checkDeviceIdentifierAccess(callingPackage, message, callingFeatureId, + pid, uid) == PackageManager.PERMISSION_GRANTED) { return true; } @@ -323,30 +319,6 @@ public final class TelephonyPermissions { return true; } - // if the calling package is not null then perform the DevicePolicyManager device / - // profile owner and Appop checks. - if (callingPackage != null) { - // Allow access to an app that has been granted the READ_DEVICE_IDENTIFIERS app op. - long token = Binder.clearCallingIdentity(); - AppOpsManager appOpsManager = (AppOpsManager) context.getSystemService( - Context.APP_OPS_SERVICE); - try { - if (appOpsManager.noteOpNoThrow(AppOpsManager.OPSTR_READ_DEVICE_IDENTIFIERS, uid, - callingPackage, callingFeatureId, null) == AppOpsManager.MODE_ALLOWED) { - return true; - } - } finally { - Binder.restoreCallingIdentity(token); - } - // Allow access to a device / profile owner app. - DevicePolicyManager devicePolicyManager = - (DevicePolicyManager) context.getSystemService( - Context.DEVICE_POLICY_SERVICE); - if (devicePolicyManager != null && devicePolicyManager.hasDeviceIdentifierAccess( - callingPackage, pid, uid)) { - return true; - } - } return reportAccessDeniedToReadIdentifiers(context, subId, pid, uid, callingPackage, message); } |