Merge changes from topic "msisdn"

* changes: Update READ_PHONE_NUMBER security checks Move getMsisdn and getLine1Number to READ_PHONE_NUMBERS
author: Sarah Chin <sarahchin@google.com> 2020-04-14 20:02:40 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> 2020-04-14 20:02:40 +0000
commit: 06a2db194fbcd118d17aff339dd0bf2066384419 (patch)
tree: 33799dfd10ba961f3598dbd7c05c477442d8429c /telephony/common
parent: 8d7c075bee99ffeb70b35ea0689cfc9a7559a74c (diff)
parent: 4f8716bb8d43420f9cf970a7d2a3cf714d612316 (diff)
1 files changed, 38 insertions, 9 deletions
diff --git a/telephony/common/com/android/internal/telephony/TelephonyPermissions.java b/telephony/common/com/android/internal/telephony/TelephonyPermissions.java
index 2077800cd808..fff6696604dc 100644
--- a/telephony/common/com/android/internal/telephony/TelephonyPermissions.java
+++ b/telephony/common/com/android/internal/telephony/TelephonyPermissions.java
@@ -445,8 +445,9 @@ public final class TelephonyPermissions {
     /**
      * Returns whether the caller can read phone numbers.
      *
-     * <p>Besides apps with the ability to read phone state per {@link #checkReadPhoneState}, the
-     * default SMS app and apps with READ_SMS or READ_PHONE_NUMBERS can also read phone numbers.
+     * <p>Besides apps with the ability to read phone state per {@link #checkReadPhoneState}
+     * (only prior to R), the default SMS app and apps with READ_SMS or READ_PHONE_NUMBERS
+     * can also read phone numbers.
      */
     public static boolean checkCallingOrSelfReadPhoneNumber(
             Context context, int subId, String callingPackage, @Nullable String callingFeatureId,
@@ -459,8 +460,9 @@ public final class TelephonyPermissions {
     /**
      * Returns whether the caller can read phone numbers.
      *
-     * <p>Besides apps with the ability to read phone state per {@link #checkReadPhoneState}, the
-     * default SMS app and apps with READ_SMS or READ_PHONE_NUMBERS can also read phone numbers.
+     * <p>Besides apps with the ability to read phone state per {@link #checkReadPhoneState}
+     * (only prior to R), the default SMS app and apps with READ_SMS or READ_PHONE_NUMBERS
+     * can also read phone numbers.
      */
     @VisibleForTesting
     public static boolean checkReadPhoneNumber(
@@ -476,13 +478,40 @@ public final class TelephonyPermissions {
         // NOTE(b/73308711): If an app has one of the following AppOps bits explicitly revoked, they
         // will be denied access, even if they have another permission and AppOps bit if needed.
 
-        // First, check if we can read the phone state.
+        // First, check if the SDK version is below R
+        boolean preR = false;
         try {
-            return checkReadPhoneState(
-                    context, subId, pid, uid, callingPackage, callingFeatureId,
-                    message);
-        } catch (SecurityException readPhoneStateSecurityException) {
+            ApplicationInfo info = context.getPackageManager().getApplicationInfoAsUser(
+                    callingPackage, 0, UserHandle.getUserHandleForUid(Binder.getCallingUid()));
+            preR = info.targetSdkVersion <= Build.VERSION_CODES.Q;
+        } catch (PackageManager.NameNotFoundException nameNotFoundException) {
         }
+        if (preR) {
+            // SDK < R allows READ_PHONE_STATE, READ_PRIVILEGED_PHONE_STATE, or carrier privilege
+            try {
+                return checkReadPhoneState(
+                        context, subId, pid, uid, callingPackage, callingFeatureId, message);
+            } catch (SecurityException readPhoneStateException) {
+            }
+        } else {
+            // SDK >= R allows READ_PRIVILEGED_PHONE_STATE or carrier privilege
+            try {
+                context.enforcePermission(
+                        android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE, pid, uid, message);
+                // Skip checking for runtime permission since caller has privileged permission
+                return true;
+            } catch (SecurityException readPrivilegedPhoneStateException) {
+                if (SubscriptionManager.isValidSubscriptionId(subId)) {
+                    try {
+                        enforceCarrierPrivilege(context, subId, uid, message);
+                        // Skip checking for runtime permission since caller has carrier privilege
+                        return true;
+                    } catch (SecurityException carrierPrivilegeException) {
+                    }
+                }
+            }
+        }
+
         // Can be read with READ_SMS too.
         try {
             context.enforcePermission(android.Manifest.permission.READ_SMS, pid, uid, message);
author	Sarah Chin <sarahchin@google.com>	2020-04-14 20:02:40 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	2020-04-14 20:02:40 +0000
commit	06a2db194fbcd118d17aff339dd0bf2066384419 (patch)
tree	33799dfd10ba961f3598dbd7c05c477442d8429c /telephony/common
parent	8d7c075bee99ffeb70b35ea0689cfc9a7559a74c (diff)
parent	4f8716bb8d43420f9cf970a7d2a3cf714d612316 (diff)