Merge "Reorder TelephonyPermissions calls for carrier privileges" into rvc-dev am: f07d289b51

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/11937063 Change-Id: Id740278bfbcae8754daa99a5ed34ebca8949d8be
author: Michael Groover <mpgroover@google.com> 2020-06-22 19:31:09 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2020-06-22 19:31:09 +0000
commit: 6eaa96813b756a4562ea966373c3095bd90cda82 (patch)
tree: c6e9f25e7cdb2cd655ce88b9bbd91ca83ce3519f /telephony
parent: f848746f4efc1b9b879e339fa15b2bb0a2c04e97 (diff)
parent: f07d289b5107ade60afcd15d21e65b48ef8ad8fd (diff)
1 files changed, 21 insertions, 22 deletions
diff --git a/telephony/common/com/android/internal/telephony/TelephonyPermissions.java b/telephony/common/com/android/internal/telephony/TelephonyPermissions.java
index 1a38a42873b7..bc987a6282c7 100644
--- a/telephony/common/com/android/internal/telephony/TelephonyPermissions.java
+++ b/telephony/common/com/android/internal/telephony/TelephonyPermissions.java
@@ -303,12 +303,6 @@ public final class TelephonyPermissions {
             String message, boolean allowCarrierPrivilegeOnAnySub) {
         int uid = Binder.getCallingUid();
         int pid = Binder.getCallingPid();
-        PermissionManager permissionManager = (PermissionManager) context.getSystemService(
-                Context.PERMISSION_SERVICE);
-        if (permissionManager.checkDeviceIdentifierAccess(callingPackage, message, callingFeatureId,
-                pid, uid) == PackageManager.PERMISSION_GRANTED) {
-            return true;
-        }
 
         // If the calling package has carrier privileges for specified sub, then allow access.
         if (checkCarrierPrivilegeForSubId(context, subId)) return true;
@@ -319,6 +313,13 @@ public final class TelephonyPermissions {
             return true;
         }
 
+        PermissionManager permissionManager = (PermissionManager) context.getSystemService(
+                Context.PERMISSION_SERVICE);
+        if (permissionManager.checkDeviceIdentifierAccess(callingPackage, message, callingFeatureId,
+                pid, uid) == PackageManager.PERMISSION_GRANTED) {
+            return true;
+        }
+
         return reportAccessDeniedToReadIdentifiers(context, subId, pid, uid, callingPackage,
                 message);
     }
@@ -433,16 +434,6 @@ public final class TelephonyPermissions {
     public static boolean checkReadPhoneNumber(
             Context context, int subId, int pid, int uid,
             String callingPackage, @Nullable String callingFeatureId, String message) {
-        // Default SMS app can always read it.
-        AppOpsManager appOps = (AppOpsManager) context.getSystemService(Context.APP_OPS_SERVICE);
-        if (appOps.noteOp(AppOpsManager.OPSTR_WRITE_SMS, uid, callingPackage, callingFeatureId,
-                null) == AppOpsManager.MODE_ALLOWED) {
-            return true;
-        }
-
-        // NOTE(b/73308711): If an app has one of the following AppOps bits explicitly revoked, they
-        // will be denied access, even if they have another permission and AppOps bit if needed.
-
         // First, check if the SDK version is below R
         boolean preR = false;
         try {
@@ -477,21 +468,29 @@ public final class TelephonyPermissions {
             }
         }
 
+        // Default SMS app can always read it.
+        AppOpsManager appOps = (AppOpsManager) context.getSystemService(Context.APP_OPS_SERVICE);
+        if (appOps.noteOp(AppOpsManager.OPSTR_WRITE_SMS, uid, callingPackage, callingFeatureId,
+                null) == AppOpsManager.MODE_ALLOWED) {
+            return true;
+        }
         // Can be read with READ_SMS too.
         try {
             context.enforcePermission(android.Manifest.permission.READ_SMS, pid, uid, message);
-            return appOps.noteOp(AppOpsManager.OPSTR_READ_SMS, uid, callingPackage,
-                    callingFeatureId, null) == AppOpsManager.MODE_ALLOWED;
-
+            if (appOps.noteOp(AppOpsManager.OPSTR_READ_SMS, uid, callingPackage,
+                    callingFeatureId, null) == AppOpsManager.MODE_ALLOWED) {
+                return true;
+            }
         } catch (SecurityException readSmsSecurityException) {
         }
         // Can be read with READ_PHONE_NUMBERS too.
         try {
             context.enforcePermission(android.Manifest.permission.READ_PHONE_NUMBERS, pid, uid,
                     message);
-            return appOps.noteOp(AppOpsManager.OPSTR_READ_PHONE_NUMBERS, uid, callingPackage,
-                    callingFeatureId, null) == AppOpsManager.MODE_ALLOWED;
-
+            if (appOps.noteOp(AppOpsManager.OPSTR_READ_PHONE_NUMBERS, uid, callingPackage,
+                    callingFeatureId, null) == AppOpsManager.MODE_ALLOWED) {
+                return true;
+            }
         } catch (SecurityException readPhoneNumberSecurityException) {
         }
author	Michael Groover <mpgroover@google.com>	2020-06-22 19:31:09 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2020-06-22 19:31:09 +0000
commit	6eaa96813b756a4562ea966373c3095bd90cda82 (patch)
tree	c6e9f25e7cdb2cd655ce88b9bbd91ca83ce3519f /telephony
parent	f848746f4efc1b9b879e339fa15b2bb0a2c04e97 (diff)
parent	f07d289b5107ade60afcd15d21e65b48ef8ad8fd (diff)