From 2452a35a122b6eb35c1ed7c73931b1eb174d9fb6 Mon Sep 17 00:00:00 2001
From: hyosun <hyosunkim@google.com>
Date: Tue, 26 Apr 2022 13:24:27 +0000
Subject: [PATCH] To read the Group UUID, the Caller must also have the
 USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER permission.

If the app has only the READ_PHONE_STATE permission, it can no longer read the group UUID. When SubscriptionManager#getSubscriptionsInGroup is called, check if the caller has the USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER permission.

Bug: b/213902861
Test: atest SubscriptionManagerTest, SubscriptionControllerTest
Test: Manual
1. Install app-debug.apk from comment#9
2. Enter the group uuid from comment#3
3. Check securityException has occurred.

Change-Id: Iaa54936797204f9b2ed2ad7f63b8b6d7b71116f2
---
 .../android/telephony/SubscriptionManager.java    | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/telephony/java/android/telephony/SubscriptionManager.java b/telephony/java/android/telephony/SubscriptionManager.java
index d07d8097bce4..2337a5aae467 100644
--- a/telephony/java/android/telephony/SubscriptionManager.java
+++ b/telephony/java/android/telephony/SubscriptionManager.java
@@ -3426,10 +3426,21 @@ public class SubscriptionManager {
      * Get subscriptionInfo list of subscriptions that are in the same group of given subId.
      * See {@link #createSubscriptionGroup(List)} for more details.
      *
-     * Caller will either have {@link android.Manifest.permission#READ_PHONE_STATE}
-     * permission or had carrier privilege permission on the subscription.
+     * Caller must have {@link android.Manifest.permission#READ_PHONE_STATE}
+     * or carrier privilege permission on the subscription.
      * {@link TelephonyManager#hasCarrierPrivileges()}
      *
+     * <p>Starting with API level 33, the caller needs the additional permission
+     * {@link Manifest.permission#USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER}
+     * to get the list of subscriptions associated with a group UUID.
+     * This method can be invoked if one of the following requirements is met:
+     * <ul>
+     *     <li>If the app has carrier privilege permission.
+     *     {@link TelephonyManager#hasCarrierPrivileges()}
+     *     <li>If the app has {@link android.Manifest.permission#READ_PHONE_STATE} and
+     *     {@link Manifest.permission#USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER} permission.
+     * </ul>
+     *
      * @throws IllegalStateException if Telephony service is in bad state.
      * @throws SecurityException if the caller doesn't meet the requirements
      *             outlined above.
-- 
GitLab