commit | 1221ede9d8cdea7586ae98357726df3d80e0e448 | [log] [tgz] |
---|---|---|
author | Shuo Qian <shuoq@google.com> | Fri Jul 31 18:17:46 2020 -0700 |
committer | Shuo Qian <shuoq@google.com> | Mon Aug 03 18:33:29 2020 +0000 |
tree | cac1e500f15e521bf7620f2849495bad1f811244 | |
parent | 23010130afe1ddc4f4a86b9d4013c04abc3eca28 [diff] |
Add package checking with Uid in EuiccController#getEid EuiccController does not validate the calling package name (i.e. to ensure that it is owned by the calling UID). It is therefore possible for an app to effectively gain carrier privileges in the call to EuiccController#getEid by passing the package name of another app that does has carrier privileges to one or more subscriptions. Test: safe net log Bug: 159062405 Change-Id: I0bf7c8b267a0c9cd877328c4ff3169950e1ff64f