commit 213aba7e18ddadf800be981b802d8e242c61e0ad
author Aishwarya Mallampati <amallampati@google.com> Fri Oct 28 23:39:20 2022 +0000
committer Aishwarya Mallampati <amallampati@google.com> Thu May 25 18:53:55 2023 +0000
tree d127db280fda4266ede88b0c2f5e6503db48d4e5
parent 81a2fc9662d34a66cbf266f95624af3339fa5b72

DO NOT MERGE Grant carrier privileges if package has carrier config access.

TelephonyManager#hasCarrierPrivileges internally uses
SubscriptionManager#canManageSubscription to decide whether to grant
carrier privilege status to an app or not.
SubscriptionManager#canManageSubscription returns true if caller APK's
certificate matches with one of the mNativeAccessRules or
mCarrierConfigAccessRules. This over-grants carrier privilege status
to apps that only has mNativeAccessRules.
Carrier privilege status should
be granted to the caller APK only if it's certificate matches with one
of mCarrierConfigAccessRules.
Replaced SubscriptionManager#canManageSubscription with
PhoneInterfaceManager#hasCarrierConfigAccess which returns true only if
caller APK certificates matches with one of mCarrierConfigAccessRules of
the given subscription.

Bug: 226593252
Test: Manual Testing as explained in b/226593252#comment51
      atest CtsTelephonyTestCases
      Flashed build on raven-userdebug and performed basic funtionality
      tests

Change-Id: I6899de902e6e3ffda47b48d0ae806ac9c17ee2a6

src/com/android/phone/PhoneInterfaceManager.java

diff --git a/src/com/android/phone/PhoneInterfaceManager.java b/src/com/android/phone/PhoneInterfaceManager.java
index 0fd7ec0..a4fd387 100755
--- a/src/com/android/phone/PhoneInterfaceManager.java
+++ b/src/com/android/phone/PhoneInterfaceManager.java
@@ -92,6 +92,7 @@
 import android.telephony.TelephonyHistogram;
 import android.telephony.TelephonyManager;
 import android.telephony.TelephonyScanManager;
+import android.telephony.UiccAccessRule;
 import android.telephony.UiccCardInfo;
 import android.telephony.UiccSlotInfo;
 import android.telephony.UssdResponse;
@@ -5829,14 +5830,18 @@
 
         PackageManager pkgMgr = phone.getContext().getPackageManager();
         String[] packages = pkgMgr.getPackagesForUid(uid);
+        if (packages == null) {
+            return privilegeFromSim;
+        }
 
         final long identity = Binder.clearCallingIdentity();
         try {
-            SubscriptionInfo subInfo = subController.getSubscriptionInfo(phone.getSubId());
-            SubscriptionManager subManager = (SubscriptionManager)
-                    phone.getContext().getSystemService(Context.TELEPHONY_SUBSCRIPTION_SERVICE);
+            int subId = phone.getSubId();
+            SubscriptionInfo subInfo = subController.getSubscriptionInfo(subId);
+            List<UiccAccessRule> carrierConfigAccessRules = subInfo.getCarrierConfigAccessRules();
+
             for (String pkg : packages) {
-                if (subManager.canManageSubscription(subInfo, pkg)) {
+                if (hasCarrierConfigAccess(pkg, pkgMgr, carrierConfigAccessRules)) {
                     return TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS;
                 }
             }
@@ -5855,16 +5860,51 @@
 
         final long identity = Binder.clearCallingIdentity();
         try {
-            SubscriptionInfo subInfo = subController.getSubscriptionInfo(phone.getSubId());
-            SubscriptionManager subManager = (SubscriptionManager)
-                    phone.getContext().getSystemService(Context.TELEPHONY_SUBSCRIPTION_SERVICE);
-            return subManager.canManageSubscription(subInfo, pkgName)
+            int subId = phone.getSubId();
+            SubscriptionInfo subInfo = subController.getSubscriptionInfo(subId);
+            List<UiccAccessRule> carrierConfigAccessRules = subInfo.getCarrierConfigAccessRules();
+
+            return hasCarrierConfigAccess(pkgName, phone.getContext().getPackageManager(),
+                carrierConfigAccessRules)
                 ? TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS : privilegeFromSim;
         } finally {
             Binder.restoreCallingIdentity(identity);
         }
     }
 
+    /**
+     * Check whether carrier privilege status can be granted to the provided app for this
+     * subscription based on the carrier config access rules of the subscription.
+     *
+     * @param packageName package name of the app to check
+     * @param packageManager package manager
+     * @param carrierConfigAccessRules carrier config access rules of the subscription
+     * @return true if the app is included in the mCarrierConfigAccessRules of this subscription.
+     */
+    private boolean hasCarrierConfigAccess(String packageName, PackageManager packageManager,
+        @NonNull List<UiccAccessRule> carrierConfigAccessRules) {
+        if ((packageName == null) || (carrierConfigAccessRules.isEmpty())) {
+            return false;
+        }
+
+        PackageInfo packageInfo;
+        try {
+            packageInfo = packageManager.getPackageInfo(packageName,
+                PackageManager.GET_SIGNING_CERTIFICATES);
+        } catch (PackageManager.NameNotFoundException e) {
+            logv("Unknown package: " + packageName);
+            return false;
+        }
+
+        for (UiccAccessRule rule : carrierConfigAccessRules) {
+            if (rule.getCarrierPrivilegeStatus(packageInfo)
+                == TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS) {
+                return true;
+            }
+        }
+        return false;
+    }
+
     @Override
     public int getCarrierPrivilegeStatus(int subId) {
         final Phone phone = getPhone(subId);