Add package checking with Uid in EuiccController#getEid
EuiccController does not validate the calling package name
(i.e. to ensure that it is owned by the calling UID). It is
therefore possible for an app to effectively gain carrier
privileges in the call to EuiccController#getEid by
passing the package name of another app that does has carrier
privileges to one or more subscriptions.
Test: safe net log
Bug: 159062405
Change-Id: I0bf7c8b267a0c9cd877328c4ff3169950e1ff64f
(cherry picked from commit 1221ede9d8cdea7586ae98357726df3d80e0e448)
diff --git a/src/java/com/android/internal/telephony/euicc/EuiccController.java b/src/java/com/android/internal/telephony/euicc/EuiccController.java
index 09e17c3..400c326 100644
--- a/src/java/com/android/internal/telephony/euicc/EuiccController.java
+++ b/src/java/com/android/internal/telephony/euicc/EuiccController.java
@@ -47,6 +47,7 @@
import android.telephony.euicc.EuiccManager;
import android.telephony.euicc.EuiccManager.OtaStatus;
import android.text.TextUtils;
+import android.util.EventLog;
import android.util.Log;
import android.util.Pair;
@@ -191,6 +192,12 @@
@Override
public String getEid(int cardId, String callingPackage) {
boolean callerCanReadPhoneStatePrivileged = callerCanReadPhoneStatePrivileged();
+ try {
+ mAppOpsManager.checkPackage(Binder.getCallingUid(), callingPackage);
+ } catch (SecurityException e) {
+ EventLog.writeEvent(0x534e4554, "159062405", -1, "Missing UID checking");
+ throw e;
+ }
long token = Binder.clearCallingIdentity();
try {
if (!callerCanReadPhoneStatePrivileged
