
Commit 2b6ef054 authored by Meng Wang's avatar Meng Wang Committed by Android (Google) Code Review

Merge "Introduce new App Ops permission USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER"

parents 2cefd2df dae8db3e
+1 −0
@@ -165,6 +165,7 @@ package android {
    field public static final String USE_BIOMETRIC = "android.permission.USE_BIOMETRIC";
    field @Deprecated public static final String USE_FINGERPRINT = "android.permission.USE_FINGERPRINT";
    field public static final String USE_FULL_SCREEN_INTENT = "android.permission.USE_FULL_SCREEN_INTENT";
    field public static final String USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER = "android.permission.USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER";
    field public static final String USE_SIP = "android.permission.USE_SIP";
    field public static final String VIBRATE = "android.permission.VIBRATE";
    field public static final String WAKE_LOCK = "android.permission.WAKE_LOCK";
+1 −0
@@ -216,6 +216,7 @@ package android.app {
    field public static final String KEY_FG_SERVICE_STATE_SETTLE_TIME = "fg_service_state_settle_time";
    field public static final String KEY_TOP_STATE_SETTLE_TIME = "top_state_settle_time";
    field public static final String OPSTR_MANAGE_ONGOING_CALLS = "android:manage_ongoing_calls";
    field public static final String OPSTR_USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER = "android:use_icc_auth_with_device_identifier";
    field public static final int OP_COARSE_LOCATION = 0; // 0x0
    field public static final int OP_RECORD_AUDIO = 27; // 0x1b
    field public static final int OP_START_FOREGROUND = 76; // 0x4c
+23 −1
@@ -1165,9 +1165,13 @@ public class AppOpsManager {
     */
    public static final int OP_MANAGE_CREDENTIALS = AppProtoEnums.APP_OP_MANAGE_CREDENTIALS;

    /** @hide */
    public static final int OP_USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER =
            AppProtoEnums.APP_OP_USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER;

    /** @hide */
    @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553)
    public static final int _NUM_OP = 105;
    public static final int _NUM_OP = 106;

    /** Access to coarse location information. */
    public static final String OPSTR_COARSE_LOCATION = "android:coarse_location";
@@ -1525,6 +1529,15 @@ public class AppOpsManager {
     */
    public static final String OPSTR_MANAGE_CREDENTIALS = "android:manage_credentials";

    /**
     * Allows to read device identifiers and use ICC based authentication like EAP-AKA.
     *
     * @hide
     */
    @TestApi
    public static final String OPSTR_USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER =
            "android:use_icc_auth_with_device_identifier";

    /** {@link #sAppOpsToNote} not initialized yet for this op */
    private static final byte SHOULD_COLLECT_NOTE_OP_NOT_INITIALIZED = 0;
    /** Should not collect noting of this app-op in {@link #sAppOpsToNote} */
@@ -1604,6 +1617,7 @@ public class AppOpsManager {
            OP_INTERACT_ACROSS_PROFILES,
            OP_LOADER_USAGE_STATS,
            OP_MANAGE_ONGOING_CALLS,
            OP_USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER,
    };

    /**
@@ -1720,6 +1734,7 @@ public class AppOpsManager {
            OP_RECORD_AUDIO_HOTWORD,            // RECORD_AUDIO_HOTWORD
            OP_MANAGE_ONGOING_CALLS,            // MANAGE_ONGOING_CALLS
            OP_MANAGE_CREDENTIALS,              // MANAGE_CREDENTIALS
            OP_USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER, // USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER
    };

    /**
@@ -1831,6 +1846,7 @@ public class AppOpsManager {
            OPSTR_RECORD_AUDIO_HOTWORD,
            OPSTR_MANAGE_ONGOING_CALLS,
            OPSTR_MANAGE_CREDENTIALS,
            OPSTR_USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER,
    };

    /**
@@ -1943,6 +1959,7 @@ public class AppOpsManager {
            "RECORD_AUDIO_HOTWORD",
            "MANAGE_ONGOING_CALLS",
            "MANAGE_CREDENTIALS",
            "USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER",
    };

    /**
@@ -2056,6 +2073,7 @@ public class AppOpsManager {
            null, // no permission for OP_RECORD_AUDIO_HOTWORD
            Manifest.permission.MANAGE_ONGOING_CALLS,
            null, // no permission for OP_MANAGE_CREDENTIALS
            Manifest.permission.USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER,
    };

    /**
@@ -2169,6 +2187,7 @@ public class AppOpsManager {
            null, // RECORD_AUDIO_HOTWORD
            null, // MANAGE_ONGOING_CALLS
            null, // MANAGE_CREDENTIALS
            null, // USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER
    };

    /**
@@ -2281,6 +2300,7 @@ public class AppOpsManager {
            null, // RECORD_AUDIO_HOTWORD
            null, // MANAGE_ONGOING_CALLS
            null, // MANAGE_CREDENTIALS
            null, // USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER
    };

    /**
@@ -2392,6 +2412,7 @@ public class AppOpsManager {
            AppOpsManager.MODE_ALLOWED, // OP_RECORD_AUDIO_HOTWORD
            AppOpsManager.MODE_DEFAULT, // MANAGE_ONGOING_CALLS
            AppOpsManager.MODE_DEFAULT, // MANAGE_CREDENTIALS
            AppOpsManager.MODE_DEFAULT, // USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER
    };

    /**
@@ -2507,6 +2528,7 @@ public class AppOpsManager {
            false, // RECORD_AUDIO_HOTWORD
            true, // MANAGE_ONGOING_CALLS
            false, // MANAGE_CREDENTIALS
            true, // USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER
    };

    /**
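Review bot: The `true, // USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER` entry in the last hunk (@@ -2507) gives no reason for its value, and the array's declaration lies outside the hunk. If this is the table that exempts ops from an app-ops reset, a grant of this op would survive a reset, which matters for an op that gates device and subscriber identifiers. A why-comment on the entry would make that intent reviewable, for example `true, // USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER: kept across reset because <reason>`. Separately, `OP_USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER` carries only `/** @hide */`, while its `OPSTR_` counterpart is documented; a one-line description before `@hide` would match it.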
+7 −0
@@ -2212,6 +2212,13 @@
    <permission android:name="android.permission.READ_PRIVILEGED_PHONE_STATE"
        android:protectionLevel="signature|privileged" />

    <!-- Allows to read device identifiers and use ICC based authentication like EAP-AKA.
         Often required in authentication to access the carrier's server and manage services
         of the subscriber.
         <p>Protection level: signature|appop -->
    <permission android:name="android.permission.USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER"
        android:protectionLevel="signature|appop" />

    <!-- @SystemApi Allows read access to emergency number information for ongoing calls or SMS
         sessions.
         @hide Used internally. -->
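Review bot: The comment on `android.permission.USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER` does not state what holding the permission bypasses or how the app op gets granted. Elsewhere in this commit, an allowed op makes the device and subscriber identifier checks return true before the `READ_PRIVILEGED_PHONE_STATE` and carrier-privilege checks run. A sentence such as `Grants access to device and subscriber identifiers independently of READ_PRIVILEGED_PHONE_STATE and carrier privileges.` would tell integrators what they are granting. It would also help to name the component allowed to set the op, which this page does not show.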
+34 −2
@@ -244,7 +244,9 @@ public final class TelephonyPermissions {
     * <ul>
     *   <li>return true: if the caller has the READ_PRIVILEGED_PHONE_STATE permission, the calling
     *       package passes a DevicePolicyManager Device Owner / Profile Owner device identifier
     *       access check, or the calling package has carrier privileges on any active subscription.
     *       access check, or the calling package has carrier privileges on any active
     *       subscription, or the calling package has the {@link
     *       Manifest.permission#USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER} appop permission.
     *   <li>throw SecurityException: if the caller does not meet any of the requirements and is
     *       targeting Q or is targeting pre-Q and does not have the READ_PHONE_STATE permission
     *       or carrier privileges of any active subscription.
@@ -256,6 +258,10 @@ public final class TelephonyPermissions {
     */
    public static boolean checkCallingOrSelfReadDeviceIdentifiers(Context context, int subId,
            String callingPackage, @Nullable String callingFeatureId, String message) {
        if (checkCallingOrSelfUseIccAuthWithDeviceIdentifier(context, callingPackage,
                callingFeatureId, message)) {
            return true;
        }
        return checkPrivilegedReadPermissionOrCarrierPrivilegePermission(
                context, subId, callingPackage, callingFeatureId, message, true);
    }
@@ -267,7 +273,9 @@ public final class TelephonyPermissions {
     * <ul>
     *   <li>return true: if the caller has the READ_PRIVILEGED_PHONE_STATE permission, the calling
     *       package passes a DevicePolicyManager Device Owner / Profile Owner device identifier
     *       access check, or the calling package has carrier privileges on specified subscription.
     *       access check, or the calling package has carrier privileges on specified subscription,
     *       or the calling package has the {@link
     *       Manifest.permission#USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER} appop permission.
     *   <li>throw SecurityException: if the caller does not meet any of the requirements and is
     *       targeting Q or is targeting pre-Q and does not have the READ_PHONE_STATE permission.
     *   <li>return false: if the caller is targeting pre-Q and does have the READ_PHONE_STATE
@@ -278,6 +286,10 @@ public final class TelephonyPermissions {
     */
    public static boolean checkCallingOrSelfReadSubscriberIdentifiers(Context context, int subId,
            String callingPackage, @Nullable String callingFeatureId, String message) {
        if (checkCallingOrSelfUseIccAuthWithDeviceIdentifier(context, callingPackage,
                callingFeatureId, message)) {
            return true;
        }
        return checkPrivilegedReadPermissionOrCarrierPrivilegePermission(
                context, subId, callingPackage, callingFeatureId, message, false);
    }
@@ -384,6 +396,26 @@ public final class TelephonyPermissions {
                + " does not meet the requirements to access device identifiers.");
    }

    /**
     * Check whether the caller (or self, if not processing an IPC) has {@link
     * Manifest.permission#USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER} AppOp permission.
     *
     * <p>With the permission, the caller can access device/subscriber identifiers and use ICC
     * authentication like EAP-AKA.
     */
    public static boolean checkCallingOrSelfUseIccAuthWithDeviceIdentifier(Context context,
            String callingPackage, String callingFeatureId, String message) {
        // Cannot perform appop check if the calling package is null
        if (callingPackage == null) {
            return false;
        }
        int callingUid = Binder.getCallingUid();
        AppOpsManager appOps = (AppOpsManager) context.getSystemService(Context.APP_OPS_SERVICE);
        int opMode = appOps.noteOpNoThrow(AppOpsManager.OPSTR_USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER,
                callingUid, callingPackage, callingFeatureId, message);
        return opMode == AppOpsManager.MODE_ALLOWED;
    }

    /**
     * Check whether the app with the given pid/uid can read the call log.
     * @return {@code true} if the specified app has the read call log permission and AppOpp granted
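Review bot: In `checkCallingOrSelfUseIccAuthWithDeviceIdentifier` only `MODE_ALLOWED` returns true, so a caller whose op is still at `MODE_DEFAULT` is refused even if it holds the `signature|appop` permission. `MODE_DEFAULT` is the default this commit registers for the op in AppOpsManager. That fails closed, but the manifest permission is never consulted, so the signature half of the protection level has no effect on this path. If signature holders are meant to pass, `MODE_DEFAULT` should fall back to a permission check as below; if not, the Javadoc should say that only an explicit op grant counts. The method also lacks `@return` documentation and a `@Nullable` on `callingFeatureId`, which both callers declare as nullable.

```java
        // … unchanged: null callingPackage guard, callingUid and appOps lookup …
        int opMode = appOps.noteOpNoThrow(AppOpsManager.OPSTR_USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER,
                callingUid, callingPackage, callingFeatureId, message);
        switch (opMode) {
            case AppOpsManager.MODE_ALLOWED:
                return true;
            case AppOpsManager.MODE_DEFAULT:
                // Op was never set explicitly: defer to the manifest permission.
                return context.checkCallingOrSelfPermission(
                        Manifest.permission.USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER)
                        == PackageManager.PERMISSION_GRANTED;
            default:
                // MODE_IGNORED, MODE_ERRORED and anything else stay denied.
                return false;
        }
```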