Loading services/core/java/com/android/server/net/NetworkPolicyManagerService.java +5 −9 Original line number Original line Diff line number Diff line Loading @@ -3067,24 +3067,20 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { // Verify they're not lying about package name // Verify they're not lying about package name mAppOps.checkPackage(callingUid, callingPackage); mAppOps.checkPackage(callingUid, callingPackage); final SubscriptionManager sm; final SubscriptionInfo si; final PersistableBundle config; final PersistableBundle config; final TelephonyManager tm; final long token = Binder.clearCallingIdentity(); final long token = Binder.clearCallingIdentity(); try { try { sm = mContext.getSystemService(SubscriptionManager.class); si = sm.getActiveSubscriptionInfo(subId); config = mCarrierConfigManager.getConfigForSubId(subId); config = mCarrierConfigManager.getConfigForSubId(subId); tm = mContext.getSystemService(TelephonyManager.class); } finally { } finally { Binder.restoreCallingIdentity(token); Binder.restoreCallingIdentity(token); } } // First check: is caller the CarrierService? // First check: does caller have carrier privilege? if (si != null) { if (tm != null && tm.hasCarrierPrivileges(subId)) { if (si.isEmbedded() && sm.canManageSubscription(si, callingPackage)) { return; return; } } } // Second check: has the CarrierService delegated access? // Second check: has the CarrierService delegated access? if (config != null) { if (config != null) { Loading telephony/java/android/telephony/SubscriptionInfo.java +2 −2 Original line number Original line Diff line number Diff line Loading @@ -148,13 +148,14 @@ public class SubscriptionInfo implements Parcelable { /** /** * The access rules for this subscription, if it is embedded and defines any. * The access rules for this subscription, if it is embedded and defines any. * This does not include access rules for non-embedded subscriptions. */ */ @Nullable @Nullable private UiccAccessRule[] mNativeAccessRules; private UiccAccessRule[] mNativeAccessRules; /** /** * The carrier certificates for this subscription that are saved in carrier configs. * The carrier certificates for this subscription that are saved in carrier configs. * The other carrier certificates are embedded on Uicc and stored as part of mNativeAccessRules. * This does not include access rules from the Uicc, whether embedded or non-embedded. */ */ @Nullable @Nullable private UiccAccessRule[] mCarrierConfigAccessRules; private UiccAccessRule[] mCarrierConfigAccessRules; Loading Loading @@ -661,7 +662,6 @@ public class SubscriptionInfo implements Parcelable { * is authorized to manage this subscription. * is authorized to manage this subscription. * TODO and fix it properly in R / master: either deprecate this and have 3 APIs * TODO and fix it properly in R / master: either deprecate this and have 3 APIs * native + carrier + all, or have this return all by default. * native + carrier + all, or have this return all by default. * @throws UnsupportedOperationException if this subscription is not embedded. * @hide * @hide */ */ @SystemApi @SystemApi Loading telephony/java/android/telephony/SubscriptionManager.java +8 −0 Original line number Original line Diff line number Diff line Loading @@ -2631,6 +2631,10 @@ public class SubscriptionManager { * Checks whether the app with the given context is authorized to manage the given subscription * Checks whether the app with the given context is authorized to manage the given subscription * according to its metadata. * according to its metadata. * * * Only supported for embedded subscriptions (if {@link SubscriptionInfo#isEmbedded} returns * true). To check for permissions for non-embedded subscription as well, * {@see android.telephony.TelephonyManager#hasCarrierPrivileges}. * * @param info The subscription to check. * @param info The subscription to check. * @return whether the app is authorized to manage this subscription per its metadata. * @return whether the app is authorized to manage this subscription per its metadata. */ */ Loading @@ -2643,6 +2647,10 @@ public class SubscriptionManager { * be authorized if it is included in the {@link android.telephony.UiccAccessRule} of the * be authorized if it is included in the {@link android.telephony.UiccAccessRule} of the * {@link android.telephony.SubscriptionInfo} with the access status. * {@link android.telephony.SubscriptionInfo} with the access status. * * * Only supported for embedded subscriptions (if {@link SubscriptionInfo#isEmbedded} returns * true). To check for permissions for non-embedded subscription as well, * {@see android.telephony.TelephonyManager#hasCarrierPrivileges}. * * @param info The subscription to check. * @param info The subscription to check. * @param packageName Package name of the app to check. * @param packageName Package name of the app to check. * @return whether the app is authorized to manage this subscription per its access rules. * @return whether the app is authorized to manage this subscription per its access rules. Loading telephony/java/android/telephony/TelephonyManager.java +6 −0 Original line number Original line Diff line number Diff line Loading @@ -8534,6 +8534,9 @@ public class TelephonyManager { * call will return true. This access is granted by the owner of the UICC * call will return true. This access is granted by the owner of the UICC * card and does not depend on the registered carrier. * card and does not depend on the registered carrier. * * * Note that this API applies to both physical and embedded subscriptions and * is a superset of the checks done in SubscriptionManager#canManageSubscription. * * @return true if the app has carrier privileges. * @return true if the app has carrier privileges. */ */ public boolean hasCarrierPrivileges() { public boolean hasCarrierPrivileges() { Loading @@ -8547,6 +8550,9 @@ public class TelephonyManager { * call will return true. This access is granted by the owner of the UICC * call will return true. This access is granted by the owner of the UICC * card and does not depend on the registered carrier. * card and does not depend on the registered carrier. * * * Note that this API applies to both physical and embedded subscriptions and * is a superset of the checks done in SubscriptionManager#canManageSubscription. * * @param subId The subscription to use. * @param subId The subscription to use. * @return true if the app has carrier privileges. * @return true if the app has carrier privileges. * @hide * @hide Loading Loading
services/core/java/com/android/server/net/NetworkPolicyManagerService.java +5 −9 Original line number Original line Diff line number Diff line Loading @@ -3067,24 +3067,20 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { // Verify they're not lying about package name // Verify they're not lying about package name mAppOps.checkPackage(callingUid, callingPackage); mAppOps.checkPackage(callingUid, callingPackage); final SubscriptionManager sm; final SubscriptionInfo si; final PersistableBundle config; final PersistableBundle config; final TelephonyManager tm; final long token = Binder.clearCallingIdentity(); final long token = Binder.clearCallingIdentity(); try { try { sm = mContext.getSystemService(SubscriptionManager.class); si = sm.getActiveSubscriptionInfo(subId); config = mCarrierConfigManager.getConfigForSubId(subId); config = mCarrierConfigManager.getConfigForSubId(subId); tm = mContext.getSystemService(TelephonyManager.class); } finally { } finally { Binder.restoreCallingIdentity(token); Binder.restoreCallingIdentity(token); } } // First check: is caller the CarrierService? // First check: does caller have carrier privilege? if (si != null) { if (tm != null && tm.hasCarrierPrivileges(subId)) { if (si.isEmbedded() && sm.canManageSubscription(si, callingPackage)) { return; return; } } } // Second check: has the CarrierService delegated access? // Second check: has the CarrierService delegated access? if (config != null) { if (config != null) { Loading
telephony/java/android/telephony/SubscriptionInfo.java +2 −2 Original line number Original line Diff line number Diff line Loading @@ -148,13 +148,14 @@ public class SubscriptionInfo implements Parcelable { /** /** * The access rules for this subscription, if it is embedded and defines any. * The access rules for this subscription, if it is embedded and defines any. * This does not include access rules for non-embedded subscriptions. */ */ @Nullable @Nullable private UiccAccessRule[] mNativeAccessRules; private UiccAccessRule[] mNativeAccessRules; /** /** * The carrier certificates for this subscription that are saved in carrier configs. * The carrier certificates for this subscription that are saved in carrier configs. * The other carrier certificates are embedded on Uicc and stored as part of mNativeAccessRules. * This does not include access rules from the Uicc, whether embedded or non-embedded. */ */ @Nullable @Nullable private UiccAccessRule[] mCarrierConfigAccessRules; private UiccAccessRule[] mCarrierConfigAccessRules; Loading Loading @@ -661,7 +662,6 @@ public class SubscriptionInfo implements Parcelable { * is authorized to manage this subscription. * is authorized to manage this subscription. * TODO and fix it properly in R / master: either deprecate this and have 3 APIs * TODO and fix it properly in R / master: either deprecate this and have 3 APIs * native + carrier + all, or have this return all by default. * native + carrier + all, or have this return all by default. * @throws UnsupportedOperationException if this subscription is not embedded. * @hide * @hide */ */ @SystemApi @SystemApi Loading
telephony/java/android/telephony/SubscriptionManager.java +8 −0 Original line number Original line Diff line number Diff line Loading @@ -2631,6 +2631,10 @@ public class SubscriptionManager { * Checks whether the app with the given context is authorized to manage the given subscription * Checks whether the app with the given context is authorized to manage the given subscription * according to its metadata. * according to its metadata. * * * Only supported for embedded subscriptions (if {@link SubscriptionInfo#isEmbedded} returns * true). To check for permissions for non-embedded subscription as well, * {@see android.telephony.TelephonyManager#hasCarrierPrivileges}. * * @param info The subscription to check. * @param info The subscription to check. * @return whether the app is authorized to manage this subscription per its metadata. * @return whether the app is authorized to manage this subscription per its metadata. */ */ Loading @@ -2643,6 +2647,10 @@ public class SubscriptionManager { * be authorized if it is included in the {@link android.telephony.UiccAccessRule} of the * be authorized if it is included in the {@link android.telephony.UiccAccessRule} of the * {@link android.telephony.SubscriptionInfo} with the access status. * {@link android.telephony.SubscriptionInfo} with the access status. * * * Only supported for embedded subscriptions (if {@link SubscriptionInfo#isEmbedded} returns * true). To check for permissions for non-embedded subscription as well, * {@see android.telephony.TelephonyManager#hasCarrierPrivileges}. * * @param info The subscription to check. * @param info The subscription to check. * @param packageName Package name of the app to check. * @param packageName Package name of the app to check. * @return whether the app is authorized to manage this subscription per its access rules. * @return whether the app is authorized to manage this subscription per its access rules. Loading
telephony/java/android/telephony/TelephonyManager.java +6 −0 Original line number Original line Diff line number Diff line Loading @@ -8534,6 +8534,9 @@ public class TelephonyManager { * call will return true. This access is granted by the owner of the UICC * call will return true. This access is granted by the owner of the UICC * card and does not depend on the registered carrier. * card and does not depend on the registered carrier. * * * Note that this API applies to both physical and embedded subscriptions and * is a superset of the checks done in SubscriptionManager#canManageSubscription. * * @return true if the app has carrier privileges. * @return true if the app has carrier privileges. */ */ public boolean hasCarrierPrivileges() { public boolean hasCarrierPrivileges() { Loading @@ -8547,6 +8550,9 @@ public class TelephonyManager { * call will return true. This access is granted by the owner of the UICC * call will return true. This access is granted by the owner of the UICC * card and does not depend on the registered carrier. * card and does not depend on the registered carrier. * * * Note that this API applies to both physical and embedded subscriptions and * is a superset of the checks done in SubscriptionManager#canManageSubscription. * * @param subId The subscription to use. * @param subId The subscription to use. * @return true if the app has carrier privileges. * @return true if the app has carrier privileges. * @hide * @hide Loading
