Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c22e8507 authored by Svet Ganov's avatar Svet Ganov
Browse files

Clear caller indetitiy and use controller op package after security checks. 

The SubscriptionController is calling into local managers from its
context. Hence, we have to clear the IPC binder identity and then
use the app ops package name for the controller when calling into
other APIs. This avoid two situations: first, the subscription
controller calls into other APIs with the caller identity but the
controller op package name; second, the controller calls into
other APIs with its own identity but the ap op package of the
caller. This avoid crashes when we have nested APIs each of which
performs its own app op checks. Fun.

Change-Id: I0bd02d9ab1bea4de6bd96584a514cdc6406193af
parent eb974b05

src/java/com/android/internal/telephony/SubscriptionController.java

+421 −323
Original line number Diff line number Diff line
@@ -395,11 +395,17 @@ public class SubscriptionController extends ISub.Stub { 
            return null;

        }



        List<SubscriptionInfo> subList = getActiveSubscriptionInfoList(callingPackage);

        // Now that all security checks passes, perform the operation as ourselves.

        final long identity = Binder.clearCallingIdentity();

        try {

            List<SubscriptionInfo> subList = getActiveSubscriptionInfoList(

                    mContext.getOpPackageName());

            if (subList != null) {

                for (SubscriptionInfo si : subList) {

                    if (si.getSubscriptionId() == subId) {

                    if (DBG) logd("[getActiveSubInfoForSubscriber]+ subId=" + subId + " subInfo=" + si);

                        if (DBG)

                            logd("[getActiveSubInfoForSubscriber]+ subId=" + subId

                                    + " subInfo=" + si);

                        return si;

                    }

                }
@@ -408,6 +414,10 @@ public class SubscriptionController extends ISub.Stub { 
                logd("[getActiveSubInfoForSubscriber]- subId=" + subId

                        + " subList=" + subList + " subInfo=null");

            }

        } finally {

            Binder.restoreCallingIdentity(identity);

        }



        return null;

    }
@@ -423,11 +433,16 @@ public class SubscriptionController extends ISub.Stub { 
            return null;

        }



        List<SubscriptionInfo> subList = getActiveSubscriptionInfoList(callingPackage);

        // Now that all security checks passes, perform the operation as ourselves.

        final long identity = Binder.clearCallingIdentity();

        try {

            List<SubscriptionInfo> subList = getActiveSubscriptionInfoList(

                    mContext.getOpPackageName());

            if (subList != null) {

                for (SubscriptionInfo si : subList) {

                    if (si.getIccId() == iccId) {

                    if (DBG) logd("[getActiveSubInfoUsingIccId]+ iccId=" + iccId + " subInfo=" + si);

                        if (DBG)

                            logd("[getActiveSubInfoUsingIccId]+ iccId=" + iccId + " subInfo=" + si);

                        return si;

                    }

                }
@@ -436,6 +451,10 @@ public class SubscriptionController extends ISub.Stub { 
                logd("[getActiveSubInfoUsingIccId]+ iccId=" + iccId

                        + " subList=" + subList + " subInfo=null");

            }

        } finally {

            Binder.restoreCallingIdentity(identity);

        }



        return null;

    }
@@ -452,7 +471,11 @@ public class SubscriptionController extends ISub.Stub { 
            return null;

        }



        List<SubscriptionInfo> subList = getActiveSubscriptionInfoList(callingPackage);

        // Now that all security checks passes, perform the operation as ourselves.

        final long identity = Binder.clearCallingIdentity();

        try {

            List<SubscriptionInfo> subList = getActiveSubscriptionInfoList(

                    mContext.getOpPackageName());

            if (subList != null) {

                for (SubscriptionInfo si : subList) {

                    if (si.getSimSlotIndex() == slotIdx) {
@@ -472,6 +495,10 @@ public class SubscriptionController extends ISub.Stub { 
                    logd("[getActiveSubscriptionInfoForSimSlotIndex]+ subList=null");

                }

            }

        } finally {

            Binder.restoreCallingIdentity(identity);

        }



        return null;

    }
@@ -489,6 +516,9 @@ public class SubscriptionController extends ISub.Stub { 
            return null;

        }



        // Now that all security checks passes, perform the operation as ourselves.

        final long identity = Binder.clearCallingIdentity();

        try {

            List<SubscriptionInfo> subList = null;

            subList = getSubInfo(null, null);

            if (subList != null) {
@@ -496,8 +526,10 @@ public class SubscriptionController extends ISub.Stub { 
            } else {

                if (DBG) logd("[getAllSubInfoList]- no info return");

            }



            return subList;

        } finally {

            Binder.restoreCallingIdentity(identity);

        }

    }



    /**
@@ -513,19 +545,16 @@ public class SubscriptionController extends ISub.Stub { 
            return null;

        }



        List<SubscriptionInfo> subList = null;



        // Now that all security checks passes, perform the operation as ourselves.

        final long identity = Binder.clearCallingIdentity();

        try {

            if (!isSubInfoReady()) {

                if (DBG) logdl("[getActiveSubInfoList] Sub Controller not ready");

            return subList;

                return null;

            }



        final long identity = Binder.clearCallingIdentity();

        try {

            subList = getSubInfo(SubscriptionManager.SIM_SLOT_INDEX + ">=0", null);

        } finally {

            Binder.restoreCallingIdentity(identity);

        }

            List<SubscriptionInfo> subList = getSubInfo(

                    SubscriptionManager.SIM_SLOT_INDEX + ">=0", null);



            if (subList != null) {

                // FIXME: Unnecessary when an insertion sort is used!
@@ -548,6 +577,9 @@ public class SubscriptionController extends ISub.Stub { 
            }



            return subList;

        } finally {

            Binder.restoreCallingIdentity(identity);

        }

    }



    /**
@@ -563,13 +595,20 @@ public class SubscriptionController extends ISub.Stub { 
            return 0;

        }



        List<SubscriptionInfo> records = getActiveSubscriptionInfoList(callingPackage);

        // Now that all security checks passes, perform the operation as ourselves.

        final long identity = Binder.clearCallingIdentity();

        try {

            List<SubscriptionInfo> records = getActiveSubscriptionInfoList(

                    mContext.getOpPackageName());

            if (records == null) {

                if (DBG) logd("[getActiveSubInfoCount] records null");

                return 0;

            }

            if (DBG) logd("[getActiveSubInfoCount]- count: " + records.size());

            return records.size();

        } finally {

            Binder.restoreCallingIdentity(identity);

        }

    }



    /**
@@ -585,6 +624,9 @@ public class SubscriptionController extends ISub.Stub { 
            return 0;

        }



        // Now that all security checks passes, perform the operation as ourselves.

        final long identity = Binder.clearCallingIdentity();

        try {

            Cursor cursor = mContext.getContentResolver().query(SubscriptionManager.CONTENT_URI,

                    null, null, null, null);

            try {
@@ -601,6 +643,9 @@ public class SubscriptionController extends ISub.Stub { 
            if (DBG) logd("[getAllSubInfoCount]- no SUB in DB");



            return 0;

        } finally {

            Binder.restoreCallingIdentity(identity);

        }

    }



    /**
@@ -627,6 +672,9 @@ public class SubscriptionController extends ISub.Stub { 
            return -1;

        }



        // Now that all security checks passes, perform the operation as ourselves.

        final long identity = Binder.clearCallingIdentity();

        try {

            if (iccId == null) {

                if (DBG) logdl("[addSubInfoRecord]- null iccId");

                return -1;
@@ -635,8 +683,8 @@ public class SubscriptionController extends ISub.Stub { 
            int[] subIds = getSubId(slotId);

            if (subIds == null || subIds.length == 0) {

                if (DBG) {

                logdl("[addSubInfoRecord]- getSubId failed subIds == null || length == 0 subIds="

                    + subIds);

                    logdl("[addSubInfoRecord]- getSubId failed subIds == null " +

                            "|| length == 0 subIds=" + subIds);

                }

                return -1;

            }
@@ -658,7 +706,7 @@ public class SubscriptionController extends ISub.Stub { 
                            SubscriptionManager.SIM_SLOT_INDEX, SubscriptionManager.NAME_SOURCE},

                    SubscriptionManager.ICC_ID + "=?", new String[]{iccId}, null);



        int color = getUnusedColor(callingPackage);

            int color = getUnusedColor(mContext.getOpPackageName());



            try {

                if (cursor == null || !cursor.moveToFirst()) {
@@ -762,6 +810,9 @@ public class SubscriptionController extends ISub.Stub { 


            if (DBG) logdl("[addSubInfoRecord]- info size=" + mSlotIdxToSubId.size());

            return 0;

        } finally {

            Binder.restoreCallingIdentity(identity);

        }

    }



    /**
@@ -822,6 +873,9 @@ public class SubscriptionController extends ISub.Stub { 
            return 0;

        }



        // Now that all security checks passes, perform the operation as ourselves.

        final long identity = Binder.clearCallingIdentity();

        try {

            ContentValues value = new ContentValues(1);

            value.put(SubscriptionManager.CARRIER_NAME, text);
@@ -830,6 +884,9 @@ public class SubscriptionController extends ISub.Stub { 
            notifySubscriptionInfoChanged();



            return result;

        } finally {

            Binder.restoreCallingIdentity(identity);

        }

    }



    /**
@@ -846,6 +903,9 @@ public class SubscriptionController extends ISub.Stub { 
            return 0;

        }



        // Now that all security checks passes, perform the operation as ourselves.

        final long identity = Binder.clearCallingIdentity();

        try {

            validateSubId(subId);

            ContentValues value = new ContentValues(1);

            value.put(SubscriptionManager.COLOR, tint);
@@ -856,6 +916,9 @@ public class SubscriptionController extends ISub.Stub { 
            notifySubscriptionInfoChanged();



            return result;

        } finally {

            Binder.restoreCallingIdentity(identity);

        }

    }



    /**
@@ -889,6 +952,9 @@ public class SubscriptionController extends ISub.Stub { 
            return 0;

        }



        // Now that all security checks passes, perform the operation as ourselves.

        final long identity = Binder.clearCallingIdentity();

        try {

            validateSubId(subId);

            String nameToSet;

            if (displayName == null) {
@@ -909,6 +975,9 @@ public class SubscriptionController extends ISub.Stub { 
            notifySubscriptionInfoChanged();



            return result;

        } finally {

            Binder.restoreCallingIdentity(identity);

        }

    }



    /**
@@ -926,6 +995,9 @@ public class SubscriptionController extends ISub.Stub { 
            return -1;

        }



        // Now that all security checks passes, perform the operation as ourselves.

        final long identity = Binder.clearCallingIdentity();

        try {

            validateSubId(subId);

            int result;

            int phoneId = getPhoneId(subId);
@@ -949,6 +1021,9 @@ public class SubscriptionController extends ISub.Stub { 
            notifySubscriptionInfoChanged();



            return result;

        } finally {

            Binder.restoreCallingIdentity(identity);

        }

    }



    /**
@@ -966,6 +1041,9 @@ public class SubscriptionController extends ISub.Stub { 
            return -1;

        }



        // Now that all security checks passes, perform the operation as ourselves.

        final long identity = Binder.clearCallingIdentity();

        try {

            validateSubId(subId);

            if (roaming < 0) {

                if (DBG) logd("[setDataRoaming]- fail");
@@ -980,6 +1058,9 @@ public class SubscriptionController extends ISub.Stub { 
            notifySubscriptionInfoChanged();



            return result;

        } finally {

            Binder.restoreCallingIdentity(identity);

        }

    }



    /**
@@ -1180,6 +1261,9 @@ public class SubscriptionController extends ISub.Stub { 
            return 0;

        }



        // Now that all security checks passes, perform the operation as ourselves.

        final long identity = Binder.clearCallingIdentity();

        try {

            if (DBG) logd("[clearSubInfo]+");



            int size = mSlotIdxToSubId.size();
@@ -1192,6 +1276,9 @@ public class SubscriptionController extends ISub.Stub { 
            mSlotIdxToSubId.clear();

            if (DBG) logdl("[clearSubInfo]- clear size=" + size);

            return size;

        } finally {

            Binder.restoreCallingIdentity(identity);

        }

    }



    private void logvl(String msg) {
@@ -1416,7 +1503,11 @@ public class SubscriptionController extends ISub.Stub { 
            return;

        }



        final List<SubscriptionInfo> records = getActiveSubscriptionInfoList(callingPackage);

        // Now that all security checks passes, perform the operation as ourselves.

        final long identity = Binder.clearCallingIdentity();

        try {

            final List<SubscriptionInfo> records = getActiveSubscriptionInfoList(

                    mContext.getOpPackageName());

            if (DBG) logdl("[clearDefaultsForInactiveSubIds] records: " + records);

            if (shouldDefaultBeCleared(records, getDefaultDataSubId())) {

                if (DBG) logd("[clearDefaultsForInactiveSubIds] clearing default data sub id");
@@ -1430,6 +1521,9 @@ public class SubscriptionController extends ISub.Stub { 
                if (DBG) logdl("[clearDefaultsForInactiveSubIds] clearing default voice sub id");

                setDefaultVoiceSubId(SubscriptionManager.INVALID_SUBSCRIPTION_ID);

            }

        } finally {

            Binder.restoreCallingIdentity(identity);

        }

    }



    private boolean shouldDefaultBeCleared(List<SubscriptionInfo> records, int subId) {
@@ -1477,6 +1571,9 @@ public class SubscriptionController extends ISub.Stub { 
            return null;

        }



        // Now that all security checks passes, perform the operation as ourselves.

        final long identity = Binder.clearCallingIdentity();

        try {

            if (slotId == SubscriptionManager.DEFAULT_SIM_SLOT_INDEX) {

                slotId = getSlotId(getDefaultSubId());

            }
@@ -1498,10 +1595,8 @@ public class SubscriptionController extends ISub.Stub { 
                if (cursor != null) {

                    while (cursor.moveToNext()) {

                        SubscriptionInfo subInfo = getSubInfoRecord(cursor);

                    if (subInfo != null)

                    {

                        if (subList == null)

                        {

                        if (subInfo != null) {

                            if (subList == null) {

                                subList = new ArrayList<SubscriptionInfo>();

                            }

                            subList.add(subInfo);
@@ -1516,6 +1611,9 @@ public class SubscriptionController extends ISub.Stub { 
            if (DBG) logd("[getSubInfoUsingSlotId]- null info return");



            return subList;

        } finally {

            Binder.restoreCallingIdentity(identity);

        }

    }



    private void validateSubId(int subId) {