Add checks for READ_PRIVILEGED_PHONE_STATE.

Callers will have either PRIVILEGED or regular READ_PHONE_STATE.

Bug: 22468536
Change-Id: I60251f61250a975f4147b027d2539824a728e3b5
diff --git a/src/com/android/server/telecom/TelecomServiceImpl.java b/src/com/android/server/telecom/TelecomServiceImpl.java
index 9c5e529..d0d9493 100644
--- a/src/com/android/server/telecom/TelecomServiceImpl.java
+++ b/src/com/android/server/telecom/TelecomServiceImpl.java
@@ -19,6 +19,7 @@
 import static android.Manifest.permission.CALL_PHONE;
 import static android.Manifest.permission.MODIFY_PHONE_STATE;
 import static android.Manifest.permission.READ_PHONE_STATE;
+import static android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE;
 import static android.Manifest.permission.REGISTER_SIM_SUBSCRIPTION;
 import static android.Manifest.permission.WRITE_SECURE_SETTINGS;
 
@@ -1110,12 +1111,18 @@
             return true;
         }
 
-        // Accessing phone state is gated by a special permission.
-        mContext.enforceCallingOrSelfPermission(READ_PHONE_STATE, message);
+        try {
+            mContext.enforceCallingPermission(READ_PHONE_STATE, message);
+            // SKIP checking run-time OP_READ_PHONE_STATE since using PRIVILEGED
+            return true;
+        } catch (SecurityException e) {
+            // Accessing phone state is gated by a special permission.
+            mContext.enforceCallingOrSelfPermission(READ_PHONE_STATE, message);
 
-        // Some apps that have the permission can be restricted via app ops.
-        return mAppOpsManager.noteOp(AppOpsManager.OP_READ_PHONE_STATE,
-                Binder.getCallingUid(), callingPackage) == AppOpsManager.MODE_ALLOWED;
+            // Some apps that have the permission can be restricted via app ops.
+            return mAppOpsManager.noteOp(AppOpsManager.OP_READ_PHONE_STATE,
+                    Binder.getCallingUid(), callingPackage) == AppOpsManager.MODE_ALLOWED;
+        }
     }
 
     private boolean canCallPhone(String callingPackage, String message) {