From 29dfa1cd76135b2e6ca8fd9a9fb4416a7baf6578 Mon Sep 17 00:00:00 2001
From: Brad Ebinger <breadley@google.com>
Date: Wed, 17 Feb 2021 23:21:36 +0000
Subject: Define new permission to perform IMS RCS Reg actions and integrate
 ACCESS_IMS_SINGLE_REGISTRATION into APIS

Move from MODIFY_PHONE_STATE to ACCESS_IMS_SINGLE_REGISTRATION
as per design doc.

Bug: 149426399
Bug: 173652571
Bug: 168923956
Test: atest CtsTelephonyTestCases
Merged-In: I6d4ae879d9d2b347f6576ea20f9e42454b39936b
Merged-In: Idabfda6853ec2a24544da5253ad0e43c47a6cc69
Change-Id: Ie0e1198c8b9cfa0bab90407c8d35273159f63302
---
 .../internal/telephony/TelephonyPermissions.java   | 61 ++++++++++++++++++++++
 1 file changed, 61 insertions(+)

(limited to 'telephony/common')

diff --git a/telephony/common/com/android/internal/telephony/TelephonyPermissions.java b/telephony/common/com/android/internal/telephony/TelephonyPermissions.java
index 225e3f760d20..38fa9077f188 100644
--- a/telephony/common/com/android/internal/telephony/TelephonyPermissions.java
+++ b/telephony/common/com/android/internal/telephony/TelephonyPermissions.java
@@ -639,6 +639,67 @@ public final class TelephonyPermissions {
         }
     }
 
+    /**
+     * Given a list of permissions, check to see if the caller has at least one of them. If the
+     * caller has none of these permissions, throw a SecurityException.
+     */
+    public static void enforceAnyPermissionGranted(Context context, int uid, String message,
+            String... permissions) {
+        if (permissions.length == 0) return;
+        boolean isGranted = false;
+        for (String perm : permissions) {
+            if (context.checkCallingOrSelfPermission(perm) == PERMISSION_GRANTED) {
+                isGranted = true;
+                break;
+            }
+        }
+
+        if (isGranted) return;
+
+        StringBuilder b = new StringBuilder(message);
+        b.append(": Neither user ");
+        b.append(uid);
+        b.append(" nor current process has ");
+        b.append(permissions[0]);
+        for (int i = 1; i < permissions.length; i++) {
+            b.append(" or ");
+            b.append(permissions[i]);
+        }
+        throw new SecurityException(b.toString());
+    }
+
+    /**
+     * Given a list of permissions, check to see if the caller has at least one of them granted. If
+     * not, check to see if the caller has carrier privileges. If the caller does not have any  of
+     * these permissions, throw a SecurityException.
+     */
+    public static void enforceAnyPermissionGrantedOrCarrierPrivileges(Context context, int subId,
+            int uid, String message, String... permissions) {
+        if (permissions.length == 0) return;
+        boolean isGranted = false;
+        for (String perm : permissions) {
+            if (context.checkCallingOrSelfPermission(perm) == PERMISSION_GRANTED) {
+                isGranted = true;
+                break;
+            }
+        }
+
+        if (isGranted) return;
+        if (checkCarrierPrivilegeForSubId(context, subId)) return;
+
+        StringBuilder b = new StringBuilder(message);
+        b.append(": Neither user ");
+        b.append(uid);
+        b.append(" nor current process has ");
+        b.append(permissions[0]);
+        for (int i = 1; i < permissions.length; i++) {
+            b.append(" or ");
+            b.append(permissions[i]);
+        }
+        b.append(" or carrier privileges");
+        throw new SecurityException(b.toString());
+    }
+
     /**
      * Throws if the caller is not of a shell (or root) UID.
      *
-- 
cgit v1.2.3