Loading telephony/java/com/android/internal/telephony/TelephonyPermissions.java +36 −21 Original line number Diff line number Diff line Loading @@ -32,6 +32,7 @@ import android.os.UserHandle; import android.telephony.Rlog; import android.telephony.SubscriptionManager; import android.telephony.TelephonyManager; import android.util.Log; import com.android.internal.annotations.VisibleForTesting; Loading @@ -43,6 +44,10 @@ public final class TelephonyPermissions { private static final boolean DBG = false; // When set to true this flag will treat all apps that fail the device identifier check as // though they are targeting pre-Q and return dummy data instead of throwing a SecurityException private static final boolean RELAX_DEVICE_IDENTIFIER_CHECK = true; private static final Supplier<ITelephony> TELEPHONY_SUPPLIER = () -> ITelephony.Stub.asInterface(ServiceManager.getService(Context.TELEPHONY_SERVICE)); Loading Loading @@ -275,15 +280,24 @@ public final class TelephonyPermissions { */ private static boolean reportAccessDeniedToReadIdentifiers(Context context, int subId, int pid, int uid, String callingPackage, String message) { // if the device identifier check is relaxed then just return false to return dummy data to // the caller instead of throwing a SecurityException for apps targeting Q+. if (RELAX_DEVICE_IDENTIFIER_CHECK) { Log.wtf(LOG_TAG, "reportAccessDeniedToReadIdentifiers:" + callingPackage + ":" + message); return false; } else { if (callingPackage != null) { try { // if the target SDK is pre-Q then check if the calling package would have // previously had access to device identifiers. ApplicationInfo callingPackageInfo = context.getPackageManager().getApplicationInfo( ApplicationInfo callingPackageInfo = context.getPackageManager().getApplicationInfo( callingPackage, 0); if (callingPackageInfo != null && callingPackageInfo.targetSdkVersion < Build.VERSION_CODES.Q) { if (context.checkPermission(android.Manifest.permission.READ_PHONE_STATE, pid, if (context.checkPermission(android.Manifest.permission.READ_PHONE_STATE, pid, uid) == PackageManager.PERMISSION_GRANTED) { return false; } Loading @@ -294,13 +308,14 @@ public final class TelephonyPermissions { } } } catch (PackageManager.NameNotFoundException e) { // If the application info for the calling package could not be found then default // to throwing the SecurityException. // If the application info for the calling package could not be found then // default to throwing the SecurityException. } } throw new SecurityException(message + ": The user " + uid + " does not have the " + "READ_PRIVILEGED_PHONE_STATE permission to access the device identifiers"); } } /** * Check whether the app with the given pid/uid can read the call log. Loading Loading
telephony/java/com/android/internal/telephony/TelephonyPermissions.java +36 −21 Original line number Diff line number Diff line Loading @@ -32,6 +32,7 @@ import android.os.UserHandle; import android.telephony.Rlog; import android.telephony.SubscriptionManager; import android.telephony.TelephonyManager; import android.util.Log; import com.android.internal.annotations.VisibleForTesting; Loading @@ -43,6 +44,10 @@ public final class TelephonyPermissions { private static final boolean DBG = false; // When set to true this flag will treat all apps that fail the device identifier check as // though they are targeting pre-Q and return dummy data instead of throwing a SecurityException private static final boolean RELAX_DEVICE_IDENTIFIER_CHECK = true; private static final Supplier<ITelephony> TELEPHONY_SUPPLIER = () -> ITelephony.Stub.asInterface(ServiceManager.getService(Context.TELEPHONY_SERVICE)); Loading Loading @@ -275,15 +280,24 @@ public final class TelephonyPermissions { */ private static boolean reportAccessDeniedToReadIdentifiers(Context context, int subId, int pid, int uid, String callingPackage, String message) { // if the device identifier check is relaxed then just return false to return dummy data to // the caller instead of throwing a SecurityException for apps targeting Q+. if (RELAX_DEVICE_IDENTIFIER_CHECK) { Log.wtf(LOG_TAG, "reportAccessDeniedToReadIdentifiers:" + callingPackage + ":" + message); return false; } else { if (callingPackage != null) { try { // if the target SDK is pre-Q then check if the calling package would have // previously had access to device identifiers. ApplicationInfo callingPackageInfo = context.getPackageManager().getApplicationInfo( ApplicationInfo callingPackageInfo = context.getPackageManager().getApplicationInfo( callingPackage, 0); if (callingPackageInfo != null && callingPackageInfo.targetSdkVersion < Build.VERSION_CODES.Q) { if (context.checkPermission(android.Manifest.permission.READ_PHONE_STATE, pid, if (context.checkPermission(android.Manifest.permission.READ_PHONE_STATE, pid, uid) == PackageManager.PERMISSION_GRANTED) { return false; } Loading @@ -294,13 +308,14 @@ public final class TelephonyPermissions { } } } catch (PackageManager.NameNotFoundException e) { // If the application info for the calling package could not be found then default // to throwing the SecurityException. // If the application info for the calling package could not be found then // default to throwing the SecurityException. } } throw new SecurityException(message + ": The user " + uid + " does not have the " + "READ_PRIVILEGED_PHONE_STATE permission to access the device identifiers"); } } /** * Check whether the app with the given pid/uid can read the call log. Loading
