Merge "Security fix: enforce read privilege permission to check package...

    method @RequiresPermission(anyOf={android.Manifest.permission.MODIFY_PHONE_STATE, android.Manifest.permission.PERFORM_IMS_SINGLE_REGISTRATION}) @WorkerThread public void bootstrapAuthenticationRequest(int, @NonNull android.net.Uri, @NonNull android.telephony.gba.UaSecurityProtocolIdentifier, boolean, @NonNull java.util.concurrent.Executor, @NonNull android.telephony.TelephonyManager.BootstrapAuthenticationCallback);

    method @Deprecated @RequiresPermission(android.Manifest.permission.CALL_PHONE) public void call(String, String);

    method @NonNull @RequiresPermission(android.Manifest.permission.MODIFY_PHONE_STATE) public android.telephony.PinResult changeIccLockPin(@NonNull String, @NonNull String);

    method public int checkCarrierPrivilegesForPackage(String);

    method public int checkCarrierPrivilegesForPackageAnyPhone(String);

    method @RequiresPermission(android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE) public int checkCarrierPrivilegesForPackage(String);

    method @RequiresPermission(android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE) public int checkCarrierPrivilegesForPackageAnyPhone(String);

    method public void dial(String);

    method @RequiresPermission(android.Manifest.permission.MODIFY_PHONE_STATE) public boolean disableDataConnectivity();

    method @RequiresPermission(android.Manifest.permission.MODIFY_PHONE_STATE) public boolean enableDataConnectivity();

    method @RequiresPermission(android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE) public void getCallWaitingStatus(@NonNull java.util.concurrent.Executor, @NonNull java.util.function.Consumer<java.lang.Integer>);

    method @Nullable @RequiresPermission(android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE) public android.telephony.ImsiEncryptionInfo getCarrierInfoForImsiEncryption(int);

    method public java.util.List<java.lang.String> getCarrierPackageNamesForIntent(android.content.Intent);

    method public java.util.List<java.lang.String> getCarrierPackageNamesForIntentAndPhone(android.content.Intent, int);

    method @RequiresPermission(android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE) public java.util.List<java.lang.String> getCarrierPackageNamesForIntentAndPhone(android.content.Intent, int);

    method @RequiresPermission(android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE) public int getCarrierPrivilegeStatus(int);

    method @NonNull @RequiresPermission(android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE) public java.util.List<java.lang.String> getCarrierPrivilegedPackagesForAllActiveSubscriptions();

    method @Nullable @RequiresPermission(android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE) public android.telephony.CarrierRestrictionRules getCarrierRestrictionRules();

import android.app.admin.DevicePolicyManagerInternal;

import android.content.Context;

import android.content.pm.PackageManager;

import android.os.Binder;

import android.os.Process;

import android.os.UserHandle;

import android.telephony.TelephonyManager;

                DevicePolicyManagerInternal.class);

        final TelephonyManager tm = (TelephonyManager)

                context.getSystemService(Context.TELEPHONY_SERVICE);

        boolean hasCarrierPrivileges = tm != null &&

                tm.checkCarrierPrivilegesForPackageAnyPhone(callingPackage) ==

                        TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS;

        boolean hasCarrierPrivileges;

        final long token = Binder.clearCallingIdentity();

        try {

            hasCarrierPrivileges = tm != null

                    && tm.checkCarrierPrivilegesForPackageAnyPhone(callingPackage)

                            == TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS;

        } finally {

            Binder.restoreCallingIdentity(token);

        }

        final boolean isDeviceOwner = dpmi != null && dpmi.isActiveDeviceOwner(callingUid);

        final int appId = UserHandle.getAppId(callingUid);

        if (hasCarrierPrivileges || isDeviceOwner

        }

        // For carrier privileges, this can include user-installed apps. This is essentially a

        // function of the current active SIM(s) in the device to let carrier apps through.

        final long token = Binder.clearCallingIdentity();

        try {

            if (checkCarrierPrivileges

                    && mTelephonyManager.checkCarrierPrivilegesForPackageAnyPhone(callingPackage)

                            == TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS) {

                return;

            }

        } finally {

            Binder.restoreCallingIdentity(token);

        }

        String message =

                callingPackage

    /** @hide */

    @SystemApi

    @SuppressLint("RequiresPermission")

    @RequiresPermission(android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE)

    public int checkCarrierPrivilegesForPackage(String pkgName) {

        try {

            ITelephony telephony = getITelephony();

    /** @hide */

    @SystemApi

    @SuppressLint("RequiresPermission")

    @RequiresPermission(android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE)

    public int checkCarrierPrivilegesForPackageAnyPhone(String pkgName) {

        try {

            ITelephony telephony = getITelephony();

    /** @hide */

    @SystemApi

    @RequiresPermission(android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE)

    public List<String> getCarrierPackageNamesForIntentAndPhone(Intent intent, int phoneId) {

        try {

            ITelephony telephony = getITelephony();

    }

    /** @hide */

    @RequiresPermission(android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE)

    public List<String> getPackagesWithCarrierPrivileges() {

        try {

            ITelephony telephony = getITelephony();

    /**

     * Similar to above, but check for the package whose name is pkgName.

     * Requires that the calling app has READ_PRIVILEGED_PHONE_STATE permission

     */

    int checkCarrierPrivilegesForPackage(int subId, String pkgName);

    /**

     * Similar to above, but check across all phones.

     * Requires that the calling app has READ_PRIVILEGED_PHONE_STATE permission

     */

    int checkCarrierPrivilegesForPackageAnyPhone(String pkgName);

     * Returns list of the package names of the carrier apps that should handle the input intent

     * and have carrier privileges for the given phoneId.

     *

     * Requires that the calling app has READ_PRIVILEGED_PHONE_STATE permission

     *

     * @param intent Intent that will be sent.

     * @param phoneId The phoneId on which the carrier app has carrier privileges.

     * @return list of carrier app package names that can handle the intent on phoneId.

    /**

     * Returns a list of packages that have carrier privileges for the specific phone.

     * Requires that the calling app has READ_PRIVILEGED_PHONE_STATE permission

     */

    List<String> getPackagesWithCarrierPrivileges(int phoneId);

     /**

      * Returns a list of packages that have carrier privileges.

      * Requires that the calling app has READ_PRIVILEGED_PHONE_STATE permission

      */

    List<String> getPackagesWithCarrierPrivilegesForAllPhones();