Used checkPackage to check UID and package
This is our best guess at a fix, but there's unfortunately no way to
verify it currently.
Bug: 150979331
Bug: 146570216
Test: builds
Change-Id: I567639aa789c6c4db8e230d5db4938f92901f44e
Merged-In: I567639aa789c6c4db8e230d5db4938f92901f44e
(cherry picked from commit 4cda45544a1e5d097100afbbb549ec2e6c610763)
(cherry picked from commit 262519f4cf0bd28dfc102775815cceb9f7788e20)
diff --git a/src/com/android/phone/PhoneInterfaceManager.java b/src/com/android/phone/PhoneInterfaceManager.java
index ca56ab1..b0f8c5f 100755
--- a/src/com/android/phone/PhoneInterfaceManager.java
+++ b/src/com/android/phone/PhoneInterfaceManager.java
@@ -6328,15 +6328,10 @@
@Override
public List<UiccCardInfo> getUiccCardsInfo(String callingPackage) {
- try {
- PackageManager pm = mApp.getPackageManager();
- if (Binder.getCallingUid() != pm.getPackageUid(callingPackage, 0)) {
- throw new SecurityException("Calling package " + callingPackage + " does not match "
- + "calling UID");
- }
- } catch (PackageManager.NameNotFoundException e) {
- throw new SecurityException("Invalid calling package. e=" + e);
- }
+ // Verify that tha callingPackage belongs to the calling UID
+ mApp.getSystemService(AppOpsManager.class)
+ .checkPackage(Binder.getCallingUid(), callingPackage);
+
boolean hasReadPermission = false;
try {
enforceReadPrivilegedPermission("getUiccCardsInfo");
