Externally-reported Moderate severity vulnerability in SMS: Apps can bypass the SMS short code notification prompt
Bug 22314646
DO NOT MERGE
When android.permission.SEND_SMS_NO_CONFIRMATION was renamed to
android.permission.SEND_RESPOND_VIA_MESSAGE in JB-MR2, the necessary change
in SmsDispatcher was accidentally overlooked.
Change-Id: I2c3aa79da8064e55cec5a786696de519c2bf0b07
diff --git a/src/java/com/android/internal/telephony/SMSDispatcher.java b/src/java/com/android/internal/telephony/SMSDispatcher.java
index 098ed46..a12c3fd 100644
--- a/src/java/com/android/internal/telephony/SMSDispatcher.java
+++ b/src/java/com/android/internal/telephony/SMSDispatcher.java
@@ -88,8 +88,8 @@
private static final String SEND_NEXT_MSG_EXTRA = "SendNextMsg";
/** Permission required to send SMS to short codes without user confirmation. */
- private static final String SEND_SMS_NO_CONFIRMATION_PERMISSION =
- "android.permission.SEND_SMS_NO_CONFIRMATION";
+ private static final String SEND_RESPOND_VIA_MESSAGE_PERMISSION =
+ "android.permission.SEND_RESPOND_VIA_MESSAGE";
private static final int PREMIUM_RULE_USE_SIM = 1;
private static final int PREMIUM_RULE_USE_NETWORK = 2;
@@ -995,7 +995,7 @@
* @return true if the destination is approved; false if user confirmation event was sent
*/
boolean checkDestination(SmsTracker tracker) {
- if (mContext.checkCallingOrSelfPermission(SEND_SMS_NO_CONFIRMATION_PERMISSION)
+ if (mContext.checkCallingOrSelfPermission(SEND_RESPOND_VIA_MESSAGE_PERMISSION)
== PackageManager.PERMISSION_GRANTED) {
return true; // app is pre-approved to send to short codes
} else {