authorMichael Groover <mpgroover@google.com>2020-06-20 15:25:53 -0700
committerMichael Groover <mpgroover@google.com>2020-06-21 16:47:58 -0700
commit8d7d92d71055e7740fe1ba993960774070aea6f5 (patch)
tree53dcb2814792cbfca68247b6fa92c7a5a1afa2aa /telephony
parenta27465258acbc7e4f0007cf2ab3d0cbfd1294893 (diff)
Reorder TelephonyPermissions calls for carrier privileges
The SubscriptionManager APIs that return SubscriptionInfo objects are often invoked by carrier privileged apps to obtain the details about the subscription(s). Identifier and phone number access checks currently verify requirements that carrier privileged apps typically cannot satisfy before verifying that an app holds carrier privileges. This commit invokes the carrier privileges check before the generic PermissionManagerService check for identifier access and moves the WRITE_SMS appop check after the READ_PHONE_STATE / carrier privilege check for phone number access. Bug: 157642567 Fixes: 73308711 Test: atest TelephonyPermissionsTest Test: atest SubscriptionControllerTest Change-Id: I0a446af5c2adaf1d6b06da221f9e236b1bdde146
Diffstat (limited to 'telephony')
-rw-r--r--telephony/common/com/android/internal/telephony/TelephonyPermissions.java43
1 files changed, 21 insertions, 22 deletions
diff --git a/telephony/common/com/android/internal/telephony/TelephonyPermissions.java b/telephony/common/com/android/internal/telephony/TelephonyPermissions.java
index 1a38a42873b7..bc987a6282c7 100644
--- a/telephony/common/com/android/internal/telephony/TelephonyPermissions.java
+++ b/telephony/common/com/android/internal/telephony/TelephonyPermissions.java
@@ -303,12 +303,6 @@ public final class TelephonyPermissions {
String message, boolean allowCarrierPrivilegeOnAnySub) {
int uid = Binder.getCallingUid();
int pid = Binder.getCallingPid();
- PermissionManager permissionManager = (PermissionManager) context.getSystemService(
- Context.PERMISSION_SERVICE);
- if (permissionManager.checkDeviceIdentifierAccess(callingPackage, message, callingFeatureId,
- pid, uid) == PackageManager.PERMISSION_GRANTED) {
- return true;
- }
// If the calling package has carrier privileges for specified sub, then allow access.
if (checkCarrierPrivilegeForSubId(context, subId)) return true;
@@ -319,6 +313,13 @@ public final class TelephonyPermissions {
return true;
}
+ PermissionManager permissionManager = (PermissionManager) context.getSystemService(
+ Context.PERMISSION_SERVICE);
+ if (permissionManager.checkDeviceIdentifierAccess(callingPackage, message, callingFeatureId,
+ pid, uid) == PackageManager.PERMISSION_GRANTED) {
+ return true;
+ }
+
return reportAccessDeniedToReadIdentifiers(context, subId, pid, uid, callingPackage,
message);
}
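Review bot: The relocated `checkDeviceIdentifierAccess` block carries no comment explaining why it now runs after the carrier-privilege checks, although that ordering is the entire purpose of the change. A line above `PermissionManager permissionManager = ...` such as `// Checked last: carrier privileged apps usually cannot satisfy these requirements, so their checks run first.` would keep a later cleanup from moving it back. Every branch visible here only grants access, so the reorder should not widen who is allowed; it appears to change only which check a carrier app reaches first, along with any logging that check performs. The function starts outside this hunk, so the earlier branches could not be reviewed from here.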
@@ -433,16 +434,6 @@ public final class TelephonyPermissions {
public static boolean checkReadPhoneNumber(
Context context, int subId, int pid, int uid,
String callingPackage, @Nullable String callingFeatureId, String message) {
- // Default SMS app can always read it.
- AppOpsManager appOps = (AppOpsManager) context.getSystemService(Context.APP_OPS_SERVICE);
- if (appOps.noteOp(AppOpsManager.OPSTR_WRITE_SMS, uid, callingPackage, callingFeatureId,
- null) == AppOpsManager.MODE_ALLOWED) {
- return true;
- }
-
- // NOTE(b/73308711): If an app has one of the following AppOps bits explicitly revoked, they
- // will be denied access, even if they have another permission and AppOps bit if needed.
-
// First, check if the SDK version is below R
boolean preR = false;
try {
@@ -477,21 +468,29 @@ public final class TelephonyPermissions {
}
}
+ // Default SMS app can always read it.
+ AppOpsManager appOps = (AppOpsManager) context.getSystemService(Context.APP_OPS_SERVICE);
+ if (appOps.noteOp(AppOpsManager.OPSTR_WRITE_SMS, uid, callingPackage, callingFeatureId,
+ null) == AppOpsManager.MODE_ALLOWED) {
+ return true;
+ }
// Can be read with READ_SMS too.
try {
context.enforcePermission(android.Manifest.permission.READ_SMS, pid, uid, message);
- return appOps.noteOp(AppOpsManager.OPSTR_READ_SMS, uid, callingPackage,
- callingFeatureId, null) == AppOpsManager.MODE_ALLOWED;
-
+ if (appOps.noteOp(AppOpsManager.OPSTR_READ_SMS, uid, callingPackage,
+ callingFeatureId, null) == AppOpsManager.MODE_ALLOWED) {
+ return true;
+ }
} catch (SecurityException readSmsSecurityException) {
}
// Can be read with READ_PHONE_NUMBERS too.
try {
context.enforcePermission(android.Manifest.permission.READ_PHONE_NUMBERS, pid, uid,
message);
- return appOps.noteOp(AppOpsManager.OPSTR_READ_PHONE_NUMBERS, uid, callingPackage,
- callingFeatureId, null) == AppOpsManager.MODE_ALLOWED;
-
+ if (appOps.noteOp(AppOpsManager.OPSTR_READ_PHONE_NUMBERS, uid, callingPackage,
+ callingFeatureId, null) == AppOpsManager.MODE_ALLOWED) {
+ return true;
+ }
} catch (SecurityException readPhoneNumberSecurityException) {
}
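Review bot: Replacing `return appOps.noteOp(...) == AppOpsManager.MODE_ALLOWED;` with `if (...) { return true; }` means a caller whose READ_SMS appop is denied now falls through to the READ_PHONE_NUMBERS check instead of being refused, and the NOTE(b/73308711) comment describing the old rule is deleted in the earlier hunk with nothing in its place. A comment above the READ_SMS block would record the new contract, e.g. `// A denied appop no longer ends the check; each remaining permission is still tried before access is refused.` The final deny path lies after the last catch, outside this hunk, so it is worth confirming that every fall-through ends there. It is also worth confirming that TelephonyPermissionsTest covers the permission-held but appop-denied case for WRITE_SMS, READ_SMS and READ_PHONE_NUMBERS. The two empty `catch (SecurityException ...)` bodies would also read better with a one-line comment saying the exception is deliberately ignored so the next check can run.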