filter deviceIdentifiers for subscriptionInfo if callers without perm
Fix a security issue that app can read iccId of sim card(s) without
requiring READ_PRIVILEGED_PHONE_STATE permission when calling hidden API SubscriptionManager.getAllActiveSubscriptionInfoList. Apply
deviceIdentifier filter to remove those info if the caller does not have proper permissions.
Bug: 183612370
Test: Manual
Change-Id: If7d243c40d187008f8cb314b162228cbad1702a4
diff --git a/src/java/com/android/internal/telephony/SubscriptionController.java b/src/java/com/android/internal/telephony/SubscriptionController.java
index aa3c174..3510b66 100644
--- a/src/java/com/android/internal/telephony/SubscriptionController.java
+++ b/src/java/com/android/internal/telephony/SubscriptionController.java
@@ -920,6 +920,10 @@
subList = getSubInfo(null, null);
if (subList != null) {
if (VDBG) logd("[getAllSubInfoList]- " + subList.size() + " infos return");
+ subList.stream().map(
+ subscriptionInfo -> conditionallyRemoveIdentifiers(subscriptionInfo,
+ callingPackage, callingFeatureId, "getAllSubInfoList"))
+ .collect(Collectors.toList());
} else {
if (VDBG) logd("[getAllSubInfoList]- no info return");
}