Loading core/java/android/provider/Settings.java +11 −0 Original line number Diff line number Diff line Loading @@ -12507,6 +12507,17 @@ public final class Settings { public static final String PRIVILEGED_DEVICE_IDENTIFIER_TARGET_Q_BEHAVIOR_ENABLED = "privileged_device_identifier_target_q_behavior_enabled"; /** * If set to 1, the device identifier check will be relaxed to the previous READ_PHONE_STATE * permission check for 3P apps. * * STOPSHIP: Remove this once we ship with the new device identifier check enabled. * * @hide */ public static final String PRIVILEGED_DEVICE_IDENTIFIER_3P_CHECK_RELAXED = "privileged_device_identifier_3p_check_relaxed"; /** * If set to 1, SettingsProvider's restoreAnyVersion="true" attribute will be ignored * and restoring to lower version of platform API will be skipped. Loading core/tests/coretests/src/android/provider/SettingsBackupTest.java +1 −0 Original line number Diff line number Diff line Loading @@ -370,6 +370,7 @@ public class SettingsBackupTest { Settings.Global.PRIVATE_DNS_DEFAULT_MODE, Settings.Global.PRIVILEGED_DEVICE_IDENTIFIER_CHECK_ENABLED, Settings.Global.PRIVILEGED_DEVICE_IDENTIFIER_TARGET_Q_BEHAVIOR_ENABLED, Settings.Global.PRIVILEGED_DEVICE_IDENTIFIER_3P_CHECK_RELAXED, Settings.Global.PROVISIONING_APN_ALARM_DELAY_IN_MS, Settings.Global.RADIO_BLUETOOTH, Settings.Global.RADIO_CELL, Loading telephony/java/com/android/internal/telephony/TelephonyPermissions.java +37 −30 Original line number Diff line number Diff line Loading @@ -286,22 +286,31 @@ public final class TelephonyPermissions { int uid, String callingPackage, String message) { Log.wtf(LOG_TAG, "reportAccessDeniedToReadIdentifiers:" + callingPackage + ":" + message); // if the device identifier check is relaxed then revert to the READ_PHONE_STATE permission // check that was previously required to access device identifiers. boolean relaxDeviceIdentifierCheck = Settings.Global.getInt(context.getContentResolver(), Settings.Global.PRIVILEGED_DEVICE_IDENTIFIER_CHECK_ENABLED, 0) == 0; if (relaxDeviceIdentifierCheck) { return checkReadPhoneState(context, subId, pid, uid, callingPackage, message); } else { // If the device identifier check is enabled then enforce the new access requirements for // both 1P and 3P apps. boolean enableDeviceIdentifierCheck = Settings.Global.getInt(context.getContentResolver(), Settings.Global.PRIVILEGED_DEVICE_IDENTIFIER_CHECK_ENABLED, 0) == 1; // Check if the application is a 3P app; if so then a separate setting is required to relax // the check to begin flagging problems with 3P apps early. boolean relax3PDeviceIdentifierCheck = Settings.Global.getInt(context.getContentResolver(), Settings.Global.PRIVILEGED_DEVICE_IDENTIFIER_3P_CHECK_RELAXED, 0) == 1; boolean is3PApp = true; ApplicationInfo callingPackageInfo = null; try { callingPackageInfo = context.getPackageManager().getApplicationInfo(callingPackage, 0); if (callingPackageInfo.isSystemApp()) { is3PApp = false; } } catch (PackageManager.NameNotFoundException e) { // If the application info for the calling package could not be found then assume the // calling app is a 3P app to detect any issues with the check } if (enableDeviceIdentifierCheck || (is3PApp && !relax3PDeviceIdentifierCheck)) { boolean targetQBehaviorDisabled = Settings.Global.getInt(context.getContentResolver(), Settings.Global.PRIVILEGED_DEVICE_IDENTIFIER_TARGET_Q_BEHAVIOR_ENABLED, 0) == 0; if (callingPackage != null) { try { // if the target SDK is pre-Q or the target Q behavior is disabled then check if // the calling package would have previously had access to device identifiers. ApplicationInfo callingPackageInfo = context.getPackageManager().getApplicationInfo( callingPackage, 0); if (callingPackageInfo != null && ( callingPackageInfo.targetSdkVersion < Build.VERSION_CODES.Q || targetQBehaviorDisabled)) { Loading @@ -317,13 +326,11 @@ public final class TelephonyPermissions { return false; } } } catch (PackageManager.NameNotFoundException e) { // If the application info for the calling package could not be found then // default to throwing the SecurityException. } } throw new SecurityException(message + ": The user " + uid + " does not meet the requirements to access device identifiers."); } else { return checkReadPhoneState(context, subId, pid, uid, callingPackage, message); } } Loading Loading
core/java/android/provider/Settings.java +11 −0 Original line number Diff line number Diff line Loading @@ -12507,6 +12507,17 @@ public final class Settings { public static final String PRIVILEGED_DEVICE_IDENTIFIER_TARGET_Q_BEHAVIOR_ENABLED = "privileged_device_identifier_target_q_behavior_enabled"; /** * If set to 1, the device identifier check will be relaxed to the previous READ_PHONE_STATE * permission check for 3P apps. * * STOPSHIP: Remove this once we ship with the new device identifier check enabled. * * @hide */ public static final String PRIVILEGED_DEVICE_IDENTIFIER_3P_CHECK_RELAXED = "privileged_device_identifier_3p_check_relaxed"; /** * If set to 1, SettingsProvider's restoreAnyVersion="true" attribute will be ignored * and restoring to lower version of platform API will be skipped. Loading
core/tests/coretests/src/android/provider/SettingsBackupTest.java +1 −0 Original line number Diff line number Diff line Loading @@ -370,6 +370,7 @@ public class SettingsBackupTest { Settings.Global.PRIVATE_DNS_DEFAULT_MODE, Settings.Global.PRIVILEGED_DEVICE_IDENTIFIER_CHECK_ENABLED, Settings.Global.PRIVILEGED_DEVICE_IDENTIFIER_TARGET_Q_BEHAVIOR_ENABLED, Settings.Global.PRIVILEGED_DEVICE_IDENTIFIER_3P_CHECK_RELAXED, Settings.Global.PROVISIONING_APN_ALARM_DELAY_IN_MS, Settings.Global.RADIO_BLUETOOTH, Settings.Global.RADIO_CELL, Loading
telephony/java/com/android/internal/telephony/TelephonyPermissions.java +37 −30 Original line number Diff line number Diff line Loading @@ -286,22 +286,31 @@ public final class TelephonyPermissions { int uid, String callingPackage, String message) { Log.wtf(LOG_TAG, "reportAccessDeniedToReadIdentifiers:" + callingPackage + ":" + message); // if the device identifier check is relaxed then revert to the READ_PHONE_STATE permission // check that was previously required to access device identifiers. boolean relaxDeviceIdentifierCheck = Settings.Global.getInt(context.getContentResolver(), Settings.Global.PRIVILEGED_DEVICE_IDENTIFIER_CHECK_ENABLED, 0) == 0; if (relaxDeviceIdentifierCheck) { return checkReadPhoneState(context, subId, pid, uid, callingPackage, message); } else { // If the device identifier check is enabled then enforce the new access requirements for // both 1P and 3P apps. boolean enableDeviceIdentifierCheck = Settings.Global.getInt(context.getContentResolver(), Settings.Global.PRIVILEGED_DEVICE_IDENTIFIER_CHECK_ENABLED, 0) == 1; // Check if the application is a 3P app; if so then a separate setting is required to relax // the check to begin flagging problems with 3P apps early. boolean relax3PDeviceIdentifierCheck = Settings.Global.getInt(context.getContentResolver(), Settings.Global.PRIVILEGED_DEVICE_IDENTIFIER_3P_CHECK_RELAXED, 0) == 1; boolean is3PApp = true; ApplicationInfo callingPackageInfo = null; try { callingPackageInfo = context.getPackageManager().getApplicationInfo(callingPackage, 0); if (callingPackageInfo.isSystemApp()) { is3PApp = false; } } catch (PackageManager.NameNotFoundException e) { // If the application info for the calling package could not be found then assume the // calling app is a 3P app to detect any issues with the check } if (enableDeviceIdentifierCheck || (is3PApp && !relax3PDeviceIdentifierCheck)) { boolean targetQBehaviorDisabled = Settings.Global.getInt(context.getContentResolver(), Settings.Global.PRIVILEGED_DEVICE_IDENTIFIER_TARGET_Q_BEHAVIOR_ENABLED, 0) == 0; if (callingPackage != null) { try { // if the target SDK is pre-Q or the target Q behavior is disabled then check if // the calling package would have previously had access to device identifiers. ApplicationInfo callingPackageInfo = context.getPackageManager().getApplicationInfo( callingPackage, 0); if (callingPackageInfo != null && ( callingPackageInfo.targetSdkVersion < Build.VERSION_CODES.Q || targetQBehaviorDisabled)) { Loading @@ -317,13 +326,11 @@ public final class TelephonyPermissions { return false; } } } catch (PackageManager.NameNotFoundException e) { // If the application info for the calling package could not be found then // default to throwing the SecurityException. } } throw new SecurityException(message + ": The user " + uid + " does not meet the requirements to access device identifiers."); } else { return checkReadPhoneState(context, subId, pid, uid, callingPackage, message); } } Loading
