Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0dbc35d1 authored by Michael Groover's avatar Michael Groover
Browse files

Add DeviceConfig switch to disable new dev ID access restrictions 

Bug: 117781266
Test: Manually verified new device ID access restrictions were disabled
      when the new switch was set to true.

Change-Id: I59570471acc8dd470eff837f50372d07c88c5035
parent 6f6ab378

core/java/android/provider/DeviceConfig.java

+8 −0
Original line number Diff line number Diff line
@@ -209,6 +209,14 @@ public final class DeviceConfig { 
         * Whether to show location access check notifications.

         */

        String PROPERTY_LOCATION_ACCESS_CHECK_ENABLED = "location_access_check_enabled";



        /**

         * Whether to disable the new device identifier access restrictions.

         *

         * @hide

         */

        String PROPERTY_DEVICE_IDENTIFIER_ACCESS_RESTRICTIONS_DISABLED =

                "device_identifier_access_restrictions_disabled";

    }



    /**

telephony/java/com/android/internal/telephony/TelephonyPermissions.java

+13 −3
Original line number Diff line number Diff line
@@ -29,6 +29,7 @@ import android.os.Process; 
import android.os.RemoteException;

import android.os.ServiceManager;

import android.os.UserHandle;

import android.provider.DeviceConfig;

import android.provider.Settings;

import android.telephony.Rlog;

import android.telephony.SubscriptionManager;
@@ -319,9 +320,10 @@ public final class TelephonyPermissions { 
        // The new Q restrictions for device identifier access will be enforced for all apps with

        // settings to individually disable the new restrictions for privileged, preloaded

        // non-privileged, and 3P apps.

        if ((!is3PApp && !isNonPrivApp && !relaxPrivDeviceIdentifierCheck)

        if (!isIdentifierCheckDisabled() && (

                (!is3PApp && !isNonPrivApp && !relaxPrivDeviceIdentifierCheck)

                        || (is3PApp && !relax3PDeviceIdentifierCheck)

                || (isNonPrivApp && !relaxNonPrivDeviceIdentifierCheck)) {

                        || (isNonPrivApp && !relaxNonPrivDeviceIdentifierCheck))) {

            Log.wtf(LOG_TAG, "reportAccessDeniedToReadIdentifiers:" + callingPackage + ":" + message

                    + ":is3PApp=" + is3PApp + ":isNonPrivApp=" + isNonPrivApp);

            // if the target SDK is pre-Q then check if the calling package would have previously
@@ -347,6 +349,14 @@ public final class TelephonyPermissions { 
        }

    }



    /**

     * Returns true if the new device identifier access restrictions are disabled.

     */

    private static boolean isIdentifierCheckDisabled() {

        return Boolean.parseBoolean(DeviceConfig.getProperty(DeviceConfig.Privacy.NAMESPACE,

                DeviceConfig.Privacy.PROPERTY_DEVICE_IDENTIFIER_ACCESS_RESTRICTIONS_DISABLED));

    }



    /**

     * Check whether the app with the given pid/uid can read the call log.

     * @return {@code true} if the specified app has the read call log permission and AppOpp granted