
Commit 3c6d7d7d authored by Sarah Chin's avatar Sarah Chin Committed by Automerger Merge Worker

Merge "Update carrier privilege check in enforceSubscriptionPlanAccess" am: 958f9efb

Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1663446

Change-Id: I7bd37f0acb7f939b9fc0311ac0365be3e8587823
parents a61b23b8 958f9efb
+5 −9
@@ -3201,24 +3201,20 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
        // Verify they're not lying about package name
        // Verify they're not lying about package name
        mAppOps.checkPackage(callingUid, callingPackage);
        mAppOps.checkPackage(callingUid, callingPackage);


        final SubscriptionManager sm;
        final SubscriptionInfo si;
        final PersistableBundle config;
        final PersistableBundle config;
        final TelephonyManager tm;
        final long token = Binder.clearCallingIdentity();
        final long token = Binder.clearCallingIdentity();
        try {
        try {
            sm = mContext.getSystemService(SubscriptionManager.class);
            si = sm.getActiveSubscriptionInfo(subId);
            config = mCarrierConfigManager.getConfigForSubId(subId);
            config = mCarrierConfigManager.getConfigForSubId(subId);
            tm = mContext.getSystemService(TelephonyManager.class);
        } finally {
        } finally {
            Binder.restoreCallingIdentity(token);
            Binder.restoreCallingIdentity(token);
        }
        }


        // First check: is caller the CarrierService?
        // First check: does caller have carrier privilege?
        if (si != null) {
        if (tm != null && tm.hasCarrierPrivileges(subId)) {
            if (si.isEmbedded() && sm.canManageSubscription(si, callingPackage)) {
            return;
            return;
        }
        }
        }


        // Second check: has the CarrierService delegated access?
        // Second check: has the CarrierService delegated access?
        if (config != null) {
        if (config != null) {
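Review bot: The new first check, `tm.hasCarrierPrivileges(subId)`, no longer names the package being authorised, whereas the check it replaces passed `callingPackage` explicitly. It runs after `Binder.restoreCallingIdentity(token)`, so inside this method the Binder caller is still the app, but which identity the telephony side evaluates is not visible in this hunk. If that call is forwarded to another process, it may be answered for this service's own uid rather than for `callingUid`. Once confirmed, I would add a comment above the check such as `// hasCarrierPrivileges() is evaluated for the Binder caller, so this must stay outside clearCallingIdentity()`, and a test that a caller without carrier privileges on `subId` is still rejected. The method body starts before and continues after this hunk.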
+2 −2
@@ -149,13 +149,14 @@ public class SubscriptionInfo implements Parcelable {


    /**
    /**
     * The access rules for this subscription, if it is embedded and defines any.
     * The access rules for this subscription, if it is embedded and defines any.
     * This does not include access rules for non-embedded subscriptions.
     */
     */
    @Nullable
    @Nullable
    private UiccAccessRule[] mNativeAccessRules;
    private UiccAccessRule[] mNativeAccessRules;


    /**
    /**
     * The carrier certificates for this subscription that are saved in carrier configs.
     * The carrier certificates for this subscription that are saved in carrier configs.
     * The other carrier certificates are embedded on Uicc and stored as part of mNativeAccessRules.
     * This does not include access rules from the Uicc, whether embedded or non-embedded.
     */
     */
    @Nullable
    @Nullable
    private UiccAccessRule[] mCarrierConfigAccessRules;
    private UiccAccessRule[] mCarrierConfigAccessRules;
@@ -662,7 +663,6 @@ public class SubscriptionInfo implements Parcelable {
     * is authorized to manage this subscription.
     * is authorized to manage this subscription.
     * TODO and fix it properly in R / master: either deprecate this and have 3 APIs
     * TODO and fix it properly in R / master: either deprecate this and have 3 APIs
     *  native + carrier + all, or have this return all by default.
     *  native + carrier + all, or have this return all by default.
     * @throws UnsupportedOperationException if this subscription is not embedded.
     * @hide
     * @hide
     */
     */
    @SystemApi
    @SystemApi
+8 −0
@@ -2702,6 +2702,10 @@ public class SubscriptionManager {
     * Checks whether the app with the given context is authorized to manage the given subscription
     * Checks whether the app with the given context is authorized to manage the given subscription
     * according to its metadata.
     * according to its metadata.
     *
     *
     * Only supported for embedded subscriptions (if {@link SubscriptionInfo#isEmbedded} returns
     * true). To check for permissions for non-embedded subscription as well,
     * {@see android.telephony.TelephonyManager#hasCarrierPrivileges}.
     *
     * @param info The subscription to check.
     * @param info The subscription to check.
     * @return whether the app is authorized to manage this subscription per its metadata.
     * @return whether the app is authorized to manage this subscription per its metadata.
     */
     */
@@ -2714,6 +2718,10 @@ public class SubscriptionManager {
     * be authorized if it is included in the {@link android.telephony.UiccAccessRule} of the
     * be authorized if it is included in the {@link android.telephony.UiccAccessRule} of the
     * {@link android.telephony.SubscriptionInfo} with the access status.
     * {@link android.telephony.SubscriptionInfo} with the access status.
     *
     *
     * Only supported for embedded subscriptions (if {@link SubscriptionInfo#isEmbedded} returns
     * true). To check for permissions for non-embedded subscription as well,
     * {@see android.telephony.TelephonyManager#hasCarrierPrivileges}.
     *
     * @param info The subscription to check.
     * @param info The subscription to check.
     * @param packageName Package name of the app to check.
     * @param packageName Package name of the app to check.
     * @return whether the app is authorized to manage this subscription per its access rules.
     * @return whether the app is authorized to manage this subscription per its access rules.
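Review bot: `{@see android.telephony.TelephonyManager#hasCarrierPrivileges}` in the added paragraph is not a valid inline Javadoc tag (`@see` is a block tag), so the reference will likely not render as a link; the same text is added in both hunks of this file. These paragraphs tell callers which API to use for an authorization decision, so the pointer should resolve: `* true). To check permissions for non-embedded subscriptions as well, see` followed by `* {@link android.telephony.TelephonyManager#hasCarrierPrivileges}.` It would also help to state what the method returns for a non-embedded subscription, so that a negative result is not read as "no privileges". Both Javadoc blocks continue outside the hunks.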
+6 −0
@@ -8549,6 +8549,9 @@ public class TelephonyManager {
     * call will return true. This access is granted by the owner of the UICC
     * call will return true. This access is granted by the owner of the UICC
     * card and does not depend on the registered carrier.
     * card and does not depend on the registered carrier.
     *
     *
     * Note that this API applies to both physical and embedded subscriptions and
     * is a superset of the checks done in SubscriptionManager#canManageSubscription.
     *
     * @return true if the app has carrier privileges.
     * @return true if the app has carrier privileges.
     */
     */
    public boolean hasCarrierPrivileges() {
    public boolean hasCarrierPrivileges() {
@@ -8562,6 +8565,9 @@ public class TelephonyManager {
     * call will return true. This access is granted by the owner of the UICC
     * call will return true. This access is granted by the owner of the UICC
     * card and does not depend on the registered carrier.
     * card and does not depend on the registered carrier.
     *
     *
     * Note that this API applies to both physical and embedded subscriptions and
     * is a superset of the checks done in SubscriptionManager#canManageSubscription.
     *
     * @param subId The subscription to use.
     * @param subId The subscription to use.
     * @return true if the app has carrier privileges.
     * @return true if the app has carrier privileges.
     * @hide
     * @hide
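Review bot: The added sentence calls `hasCarrierPrivileges` a superset of `SubscriptionManager#canManageSubscription`, but from what this page shows that can only hold for the rule sources consulted. The SubscriptionManager Javadoc documents an overload with a `packageName` parameter, while both methods here take no package and appear to report on the calling app only. A reader replacing a package-explicit check could miss that difference. If that is the intended contract, I would extend the note with `* Unlike {@link SubscriptionManager#canManageSubscription}, this always evaluates the calling app.` and turn the existing plain-text reference into a `{@link}` as well. The same paragraph is added in both hunks of this file.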