Merge "Update READ_PHONE_NUMBER security checks" into rvc-dev

author: TreeHugger Robot <treehugger-gerrit@google.com> 2020-03-26 01:31:21 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2020-03-26 01:31:21 +0000
commit: b98be8b6a9fea74dea1c41ccbabac791479583d6 (patch)
tree: 8493e0b5187b1ee104dbb86bd176a672bcde45d2 /telephony/common
parent: 46f0be1f16fafb4372a093c4b730cac4dca73a79 (diff)
parent: 48273a3520897cf16aaa17dc3b5b8a301612d71f (diff)
1 files changed, 27 insertions, 3 deletions
diff --git a/telephony/common/com/android/internal/telephony/TelephonyPermissions.java b/telephony/common/com/android/internal/telephony/TelephonyPermissions.java
index 0b331744d922..7e02966779a2 100644
--- a/telephony/common/com/android/internal/telephony/TelephonyPermissions.java
+++ b/telephony/common/com/android/internal/telephony/TelephonyPermissions.java
@@ -442,16 +442,40 @@ public final class TelephonyPermissions {
         // NOTE(b/73308711): If an app has one of the following AppOps bits explicitly revoked, they
         // will be denied access, even if they have another permission and AppOps bit if needed.
 
-        // First, check if we can read the phone state and the SDK version is below R.
+        // First, check if the SDK version is below R
+        boolean preR = false;
         try {
             ApplicationInfo info = context.getPackageManager().getApplicationInfoAsUser(
                     callingPackage, 0, UserHandle.getUserHandleForUid(Binder.getCallingUid()));
-            if (info.targetSdkVersion <= Build.VERSION_CODES.Q) {
+            preR = info.targetSdkVersion <= Build.VERSION_CODES.Q;
+        } catch (PackageManager.NameNotFoundException nameNotFoundException) {
+        }
+        if (preR) {
+            // SDK < R allows READ_PHONE_STATE, READ_PRIVILEGED_PHONE_STATE, or carrier privilege
+            try {
                 return checkReadPhoneState(
                         context, subId, pid, uid, callingPackage, callingFeatureId, message);
+            } catch (SecurityException readPhoneStateException) {
+            }
+        } else {
+            // SDK >= R allows READ_PRIVILEGED_PHONE_STATE or carrier privilege
+            try {
+                context.enforcePermission(
+                        android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE, pid, uid, message);
+                // Skip checking for runtime permission since caller has privileged permission
+                return true;
+            } catch (SecurityException readPrivilegedPhoneStateException) {
+                if (SubscriptionManager.isValidSubscriptionId(subId)) {
+                    try {
+                        enforceCarrierPrivilege(context, subId, uid, message);
+                        // Skip checking for runtime permission since caller has carrier privilege
+                        return true;
+                    } catch (SecurityException carrierPrivilegeException) {
+                    }
+                }
             }
-        } catch (SecurityException | PackageManager.NameNotFoundException e) {
         }
+
         // Can be read with READ_SMS too.
         try {
             context.enforcePermission(android.Manifest.permission.READ_SMS, pid, uid, message);
author	TreeHugger Robot <treehugger-gerrit@google.com>	2020-03-26 01:31:21 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2020-03-26 01:31:21 +0000
commit	b98be8b6a9fea74dea1c41ccbabac791479583d6 (patch)
tree	8493e0b5187b1ee104dbb86bd176a672bcde45d2 /telephony/common
parent	46f0be1f16fafb4372a093c4b730cac4dca73a79 (diff)
parent	48273a3520897cf16aaa17dc3b5b8a301612d71f (diff)