filter deviceIdentifiers for subscriptionInfo if callers without perm Fix a security issue that app can read iccId of sim card(s) without requiring READ_PRIVILEGED_PHONE_STATE permission when calling hidden API SubscriptionManager.getAllActiveSubscriptionInfoList. Apply deviceIdentifier filter to remove those info if the caller does not have proper permissions. Bug: 183612370 Test: Manual Change-Id: If7d243c40d187008f8cb314b162228cbad1702a4

commit: f6bb9b20840c29e74a37ea2b880e63b3fc9470ff [log] [tgz]
author: Chen Xu <fionaxu@google.com> Thu May 13 15:49:01 2021 -0700
committer: Chen Xu <fionaxu@google.com> Thu May 13 22:57:38 2021 +0000
tree: 20fae25506683db8ca4a0a3e8e844786b8d343a4
parent: 6b9de83d8b1fd38d8d0d437a98a0b3213ed7c1a7 [diff]
diff --git a/src/java/com/android/internal/telephony/SubscriptionController.java b/src/java/com/android/internal/telephony/SubscriptionController.java
index aa3c174..3510b66 100644
--- a/src/java/com/android/internal/telephony/SubscriptionController.java
+++ b/src/java/com/android/internal/telephony/SubscriptionController.java

@@ -920,6 +920,10 @@
             subList = getSubInfo(null, null);
             if (subList != null) {
                 if (VDBG) logd("[getAllSubInfoList]- " + subList.size() + " infos return");
+                subList.stream().map(
+                        subscriptionInfo -> conditionallyRemoveIdentifiers(subscriptionInfo,
+                                callingPackage, callingFeatureId, "getAllSubInfoList"))
+                        .collect(Collectors.toList());
             } else {
                 if (VDBG) logd("[getAllSubInfoList]- no info return");
             }
commit	f6bb9b20840c29e74a37ea2b880e63b3fc9470ff	[log] [tgz]
author	Chen Xu <fionaxu@google.com>	Thu May 13 15:49:01 2021 -0700
committer	Chen Xu <fionaxu@google.com>	Thu May 13 22:57:38 2021 +0000
tree	20fae25506683db8ca4a0a3e8e844786b8d343a4
parent	6b9de83d8b1fd38d8d0d437a98a0b3213ed7c1a7 [diff]