commit 1deeb0cd6927770ac44aa52ac0e0a135837ffaf4
author Nazanin <nazaninb@google.com> Tue Apr 06 11:28:43 2021 -0700
committer Nazanin Bakhshi <nazaninb@google.com> Tue Apr 20 15:45:52 2021 +0000
tree 6891e694fd669954479e0cb2982cd4d8a7b5888a
parent a4905a433d48c5d2f4936c4f9e94f88acace4e95

Security fix: as part of enforcing read privilege permission to check package
privileges in TelephonyManager, clear calling identity to ensure current
functionalities work

Bug: 180938364
Test: cts
Change-Id: I274de9bb6a08f4279e3706948725b90d0a4cbb01

src/java/com/android/internal/telephony/euicc/EuiccController.java

diff --git a/src/java/com/android/internal/telephony/euicc/EuiccController.java b/src/java/com/android/internal/telephony/euicc/EuiccController.java
index 2d81299..4ac3176 100644
--- a/src/java/com/android/internal/telephony/euicc/EuiccController.java
+++ b/src/java/com/android/internal/telephony/euicc/EuiccController.java
@@ -1538,8 +1538,13 @@
 
             // There is no active subscription on the target SIM, checks whether the caller can
             // manage any active subscription on any other SIM.
-            return mTelephonyManager.checkCarrierPrivilegesForPackageAnyPhone(callingPackage)
+            final long token = Binder.clearCallingIdentity();
+            try {
+                return mTelephonyManager.checkCarrierPrivilegesForPackageAnyPhone(callingPackage)
                     == TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS;
+            } finally {
+                Binder.restoreCallingIdentity(token);
+            }
         } else {
             for (SubscriptionInfo subInfo : subInfoList) {
                 if (subInfo.isEmbedded()