diff options
| author | Robert Greenwalt <rgreenwalt@google.com> | 2020-01-07 16:18:29 -0800 |
|---|---|---|
| committer | Sarah Chin <sarahchin@google.com> | 2020-03-17 13:12:34 -0700 |
| commit | 3dde71f506a35465bd8034794556df1ac300017e (patch) | |
| tree | cf71b4b48f94f7358cbd90d682e987a666b2f9e1 /telephony/common | |
| parent | 70d266df9b7be2ae2aad7cb20c51b1bcc0c296ae (diff) | |
Move getMsisdn and getLine1Number to READ_PHONE_NUMBERS
This is done to get dangerous stuff off the READ_PHONE_STATE permission.
Also keeping READ_PHONE_STATE for apps targeting old SDK versions.
Refactored getPhoneNumber to allow READ_PHONE_STATE pre-R
Bug: 136160623
Test: atest SubInfoControllerTest, TelephonyPermissionsTest
Change-Id: I5c0adcbe432ffcbb22ac8959792ee60da7039f15
Diffstat (limited to 'telephony/common')
| -rw-r--r-- | telephony/common/com/android/internal/telephony/TelephonyPermissions.java | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/telephony/common/com/android/internal/telephony/TelephonyPermissions.java b/telephony/common/com/android/internal/telephony/TelephonyPermissions.java index b89772538c6d..f0f9721744dd 100644 --- a/telephony/common/com/android/internal/telephony/TelephonyPermissions.java +++ b/telephony/common/com/android/internal/telephony/TelephonyPermissions.java @@ -437,8 +437,9 @@ public final class TelephonyPermissions { /** * Returns whether the caller can read phone numbers. * - * <p>Besides apps with the ability to read phone state per {@link #checkReadPhoneState}, the - * default SMS app and apps with READ_SMS or READ_PHONE_NUMBERS can also read phone numbers. + * <p>Besides apps with the ability to read phone state per {@link #checkReadPhoneState} + * (only prior to R), the default SMS app and apps with READ_SMS or READ_PHONE_NUMBERS + * can also read phone numbers. */ public static boolean checkCallingOrSelfReadPhoneNumber( Context context, int subId, String callingPackage, @Nullable String callingFeatureId, @@ -451,8 +452,9 @@ public final class TelephonyPermissions { /** * Returns whether the caller can read phone numbers. * - * <p>Besides apps with the ability to read phone state per {@link #checkReadPhoneState}, the - * default SMS app and apps with READ_SMS or READ_PHONE_NUMBERS can also read phone numbers. + * <p>Besides apps with the ability to read phone state per {@link #checkReadPhoneState} + * (only prior to R), the default SMS app and apps with READ_SMS or READ_PHONE_NUMBERS + * can also read phone numbers. */ @VisibleForTesting public static boolean checkReadPhoneNumber( @@ -468,12 +470,15 @@ public final class TelephonyPermissions { // NOTE(b/73308711): If an app has one of the following AppOps bits explicitly revoked, they // will be denied access, even if they have another permission and AppOps bit if needed. - // First, check if we can read the phone state. + // First, check if we can read the phone state and the SDK version is below R. try { - return checkReadPhoneState( - context, subId, pid, uid, callingPackage, callingFeatureId, - message); - } catch (SecurityException readPhoneStateSecurityException) { + ApplicationInfo info = context.getPackageManager().getApplicationInfoAsUser( + callingPackage, 0, UserHandle.getUserHandleForUid(Binder.getCallingUid())); + if (info.targetSdkVersion <= Build.VERSION_CODES.Q) { + return checkReadPhoneState( + context, subId, pid, uid, callingPackage, callingFeatureId, message); + } + } catch (SecurityException | PackageManager.NameNotFoundException e) { } // Can be read with READ_SMS too. try { |