Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2452a35a authored by hyosun's avatar hyosun
Browse files

To read the Group UUID, the Caller must also have the... 

To read the Group UUID, the Caller must also have the USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER permission.

If the app has only the READ_PHONE_STATE permission, it can no longer read the group UUID. When SubscriptionManager#getSubscriptionsInGroup is called, check if the caller has the USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER permission.

Bug: b/213902861
Test: atest SubscriptionManagerTest, SubscriptionControllerTest
Test: Manual
1. Install app-debug.apk from comment#9
2. Enter the group uuid from comment#3
3. Check securityException has occurred.

Change-Id: Iaa54936797204f9b2ed2ad7f63b8b6d7b71116f2
parent fdebeaa8

telephony/java/android/telephony/SubscriptionManager.java

+13 −2
Original line number Diff line number Diff line
@@ -3426,10 +3426,21 @@ public class SubscriptionManager { 
     * Get subscriptionInfo list of subscriptions that are in the same group of given subId.

     * See {@link #createSubscriptionGroup(List)} for more details.

     *

     * Caller will either have {@link android.Manifest.permission#READ_PHONE_STATE}

     * permission or had carrier privilege permission on the subscription.

     * Caller must have {@link android.Manifest.permission#READ_PHONE_STATE}

     * or carrier privilege permission on the subscription.

     * {@link TelephonyManager#hasCarrierPrivileges()}

     *

     * <p>Starting with API level 33, the caller needs the additional permission

     * {@link Manifest.permission#USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER}

     * to get the list of subscriptions associated with a group UUID.

     * This method can be invoked if one of the following requirements is met:

     * <ul>

     *     <li>If the app has carrier privilege permission.

     *     {@link TelephonyManager#hasCarrierPrivileges()}

     *     <li>If the app has {@link android.Manifest.permission#READ_PHONE_STATE} and

     *     {@link Manifest.permission#USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER} permission.

     * </ul>

     *

     * @throws IllegalStateException if Telephony service is in bad state.

     * @throws SecurityException if the caller doesn't meet the requirements

     *             outlined above.