
Commit 38663c6a authored by Chen Xu's avatar Chen Xu

missing permission check to access multi_sim_data_call settings

this private setting can be accessed from the alternative API
SubscriptionManager.getPreferredDataSubscriptionId which requires
READ_PRIVILEGED_PHONE_STATE permission. Add additional permission
check for settings access to avoid any potential security holes.
note: the alternative API from SubscriptionManager is also a hidden
one; without a public alternative API we have to handle app-compat
properly to avoid breaking apks targeting previous SDKs.

Bug: 172670679
Test: Manual
Change-Id: If527f375da33cc6c30c6513c82bf529209da277a
parent 666d4451
+25 −0
@@ -34,8 +34,11 @@ import android.annotation.Nullable;
import android.app.ActivityManager;
import android.app.AppGlobals;
import android.app.backup.BackupManager;
import android.app.compat.CompatChanges;
import android.app.job.JobInfo;
import android.app.job.JobScheduler;
import android.compat.annotation.ChangeId;
import android.compat.annotation.EnabledSince;
import android.content.BroadcastReceiver;
import android.content.ComponentName;
import android.content.ContentProvider;
@@ -350,6 +353,9 @@ public class SettingsProvider extends ContentProvider {
    public static String keyToString(int key) {
        return SettingsState.keyToString(key);
    }
    @ChangeId
    @EnabledSince(targetSdkVersion=android.os.Build.VERSION_CODES.S)
    private static final long ENFORCE_READ_PERMISSION_FOR_MULTI_SIM_DATA_CALL = 172670679L;

    @Override
    public boolean onCreate() {
@@ -1950,6 +1956,25 @@ public class SettingsProvider extends ContentProvider {
            // Skip checking readable annotations for test_only apps
            checkReadableAnnotation(settingsType, settingName);
        }
        /**
         * some settings need additional permission check, this is to have a matching security
         * control from other API alternatives returning the same settings values.
         * note, the permission enforcement should be based on app's targetSDKlevel to better handle
         * app-compat.
         */
        switch (settingName) {
            // missing READ_PRIVILEGED_PHONE_STATE permission protection
            // see alternative API {@link SubscriptionManager#getPreferredDataSubscriptionId()
            case Settings.Global.MULTI_SIM_DATA_CALL_SUBSCRIPTION:
                // app-compat handling, not break apps targeting on previous SDKs.
                if (CompatChanges.isChangeEnabled(
                        ENFORCE_READ_PERMISSION_FOR_MULTI_SIM_DATA_CALL)) {
                    getContext().enforceCallingOrSelfPermission(
                            Manifest.permission.READ_PRIVILEGED_PHONE_STATE,
                            "access global settings MULTI_SIM_DATA_CALL_SUBSCRIPTION");
                }
                break;
        }
        if (!ai.isInstantApp()) {
            return;
        }
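Review bot: The app-compat gate `CompatChanges.isChangeEnabled(ENFORCE_READ_PERMISSION_FOR_MULTI_SIM_DATA_CALL)` uses the one-argument overload, which is documented as answering for the current process, while the permission enforced inside it belongs to the Binder caller. If this provider is hosted outside the calling app's process (the hosting process is not visible here), the result would not reflect the caller's targetSdkVersion, so the pre-S exemption described in the comment may not be what actually applies. Consider keying the check to the caller, e.g. `CompatChanges.isChangeEnabled(ENFORCE_READ_PERMISSION_FOR_MULTI_SIM_DATA_CALL, Binder.getCallingUid())`, and confirm the provider holds the permissions that overload requires. The enclosing method starts and ends outside the hunk, so whether every read path for this key reaches the new `switch` cannot be confirmed from here.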