DO NOT MERGE Check permissions on getDeviceId.
bug:25778215
Change-Id: Id0f166ae61f6228a639188112d30c0c66820ee02
(cherry picked from commit e61ea8c4e059bf9141c9f737c0db876a706c9c93)
diff --git a/src/java/com/android/internal/telephony/PhoneSubInfoController.java b/src/java/com/android/internal/telephony/PhoneSubInfoController.java
index 7f0d95b..8d0c1c6 100644
--- a/src/java/com/android/internal/telephony/PhoneSubInfoController.java
+++ b/src/java/com/android/internal/telephony/PhoneSubInfoController.java
@@ -18,6 +18,9 @@
package com.android.internal.telephony;
+import android.app.AppOpsManager;
+import android.content.Context;
+import android.os.Binder;
import android.os.RemoteException;
import android.os.ServiceManager;
import android.telephony.SubscriptionManager;
@@ -28,21 +31,64 @@
public class PhoneSubInfoController extends IPhoneSubInfo.Stub {
private static final String TAG = "PhoneSubInfoController";
- private Phone[] mPhone;
+ private final Phone[] mPhone;
+ private final Context mContext;
+ private final AppOpsManager mAppOps;
- public PhoneSubInfoController(Phone[] phone) {
- mPhone = phone;
+ public PhoneSubInfoController(Phone[] phones) {
+ mPhone = phones;
+ Context context = null;
+ AppOpsManager appOpsManager = null;
+ for (Phone phone : mPhone) {
+ if (phone != null) {
+ context = phone.getContext();
+ appOpsManager = context.getSystemService(AppOpsManager.class);
+ break;
+ }
+ }
+ mContext = context;
+ mAppOps = appOpsManager;
if (ServiceManager.getService("iphonesubinfo") == null) {
ServiceManager.addService("iphonesubinfo", this);
}
}
- public String getDeviceId(String callingPackage) {
- return getDeviceIdForPhone(SubscriptionManager.getPhoneId(getDefaultSubscription()));
+ // try-state
+ // either have permission (true), don't (exception), or explicitly turned off (false)
+ private boolean canReadPhoneState(String callingPackage, String message) {
+ if (mContext == null) return false;
+ try {
+ mContext.enforceCallingOrSelfPermission(
+ android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE, message);
+
+ // SKIP checking for run-time permission since caller or self has PRIVILEDGED permission
+ return true;
+ } catch (SecurityException e) {
+ mContext.enforceCallingOrSelfPermission(android.Manifest.permission.READ_PHONE_STATE,
+ message);
+ }
+
+
+
+ if (mAppOps.noteOp(AppOpsManager.OP_READ_PHONE_STATE, Binder.getCallingUid(),
+ callingPackage) != AppOpsManager.MODE_ALLOWED) {
+ return false;
+ }
+
+ return true;
}
- public String getDeviceIdForPhone(int phoneId) {
- Phone phone = getPhone(phoneId);
+ public String getDeviceId(String callingPackage) {
+ return getDeviceIdForPhone(SubscriptionManager.getPhoneId(getDefaultSubscription()),
+ callingPackage);
+ }
+
+ public String getDeviceIdForPhone(int phoneId, String callingPackage) {
+ if (!canReadPhoneState(callingPackage, "getDeviceId")) {
+ return null;
+ }
+
+ final Phone phone = getPhone(phoneId);
if (phone != null) {
return phone.getDeviceId();
} else {
diff --git a/src/java/com/android/internal/telephony/PhoneSubInfoProxy.java b/src/java/com/android/internal/telephony/PhoneSubInfoProxy.java
index 82376d1..92a1ab0 100755
--- a/src/java/com/android/internal/telephony/PhoneSubInfoProxy.java
+++ b/src/java/com/android/internal/telephony/PhoneSubInfoProxy.java
@@ -152,7 +152,7 @@
}
@Override
- public String getDeviceIdForPhone(int phoneId) throws RemoteException {
+ public String getDeviceIdForPhone(int phoneId, String callingPackage) throws RemoteException {
// FIXME: getDeviceIdForPhone
return null;
}