Loading core/java/android/provider/Settings.java +11 −0 Original line number Diff line number Diff line Loading @@ -12819,6 +12819,17 @@ public final class Settings { public static final String PRIVILEGED_DEVICE_IDENTIFIER_3P_CHECK_RELAXED = "privileged_device_identifier_3p_check_relaxed"; /** * If set to 1, the device identifier check will be relaxed to the previous READ_PHONE_STATE * permission check for preloaded non-privileged apps. * * STOPSHIP: Remove this once we ship with the new device identifier check enabled. * * @hide */ public static final String PRIVILEGED_DEVICE_IDENTIFIER_NON_PRIV_CHECK_RELAXED = "privileged_device_identifier_non_priv_check_relaxed"; /** * If set to 1, SettingsProvider's restoreAnyVersion="true" attribute will be ignored * and restoring to lower version of platform API will be skipped. Loading core/tests/coretests/src/android/provider/SettingsBackupTest.java +1 −0 Original line number Diff line number Diff line Loading @@ -384,6 +384,7 @@ public class SettingsBackupTest { Settings.Global.PRIV_APP_OOB_LIST, Settings.Global.PRIVATE_DNS_DEFAULT_MODE, Settings.Global.PRIVILEGED_DEVICE_IDENTIFIER_CHECK_ENABLED, Settings.Global.PRIVILEGED_DEVICE_IDENTIFIER_NON_PRIV_CHECK_RELAXED, Settings.Global.PRIVILEGED_DEVICE_IDENTIFIER_TARGET_Q_BEHAVIOR_ENABLED, Settings.Global.PRIVILEGED_DEVICE_IDENTIFIER_3P_CHECK_RELAXED, Settings.Global.PROVISIONING_APN_ALARM_DELAY_IN_MS, Loading telephony/java/com/android/internal/telephony/TelephonyPermissions.java +25 −4 Original line number Diff line number Diff line Loading @@ -284,8 +284,6 @@ public final class TelephonyPermissions { */ private static boolean reportAccessDeniedToReadIdentifiers(Context context, int subId, int pid, int uid, String callingPackage, String message) { Log.wtf(LOG_TAG, "reportAccessDeniedToReadIdentifiers:" + callingPackage + ":" + message); // If the device identifier check is enabled then enforce the new access requirements for // both 1P and 3P apps. boolean enableDeviceIdentifierCheck = Settings.Global.getInt(context.getContentResolver(), Loading @@ -295,17 +293,40 @@ public final class TelephonyPermissions { boolean relax3PDeviceIdentifierCheck = Settings.Global.getInt(context.getContentResolver(), Settings.Global.PRIVILEGED_DEVICE_IDENTIFIER_3P_CHECK_RELAXED, 0) == 1; boolean is3PApp = true; // Also check if the application is a preloaded non-privileged app; if so there is a // separate setting to relax the check for these apps to ensure users can relax the check // for 3P or non-priv apps as needed while continuing to test the other. boolean relaxNonPrivDeviceIdentifierCheck = Settings.Global.getInt( context.getContentResolver(), Settings.Global.PRIVILEGED_DEVICE_IDENTIFIER_NON_PRIV_CHECK_RELAXED, 0) == 1; boolean isNonPrivApp = false; ApplicationInfo callingPackageInfo = null; try { callingPackageInfo = context.getPackageManager().getApplicationInfo(callingPackage, 0); if (callingPackageInfo.isSystemApp()) { if (callingPackageInfo.isPrivilegedApp()) { is3PApp = false; } else if (callingPackageInfo.isSystemApp()) { is3PApp = false; isNonPrivApp = true; } } catch (PackageManager.NameNotFoundException e) { // If the application info for the calling package could not be found then assume the // calling app is a 3P app to detect any issues with the check } if (enableDeviceIdentifierCheck || (is3PApp && !relax3PDeviceIdentifierCheck)) { Log.e(LOG_TAG, "Exception caught obtaining package info for package " + callingPackage, e); } Log.wtf(LOG_TAG, "reportAccessDeniedToReadIdentifiers:" + callingPackage + ":" + message + ":is3PApp=" + is3PApp + ":isNonPrivApp=" + isNonPrivApp); // The new Q restrictions for device identifier access will be enforced if any of the // following are true: // - The PRIVILEGED_DEVICE_IDENTIFIER_CHECK_ENABLED setting has been set. // - The app requesting a device identifier is not a preloaded app (3P), and the // PRIVILEGED_DEVICE_IDENTIFIER_3P_CHECK_RELAXED setting has not been set. // - The app requesting a device identifier is a preloaded app but is not a privileged app, // and the PRIVILEGED_DEVICE_IDENTIFIER_NON_PRIV_CHECK_RELAXED setting has not been set. if (enableDeviceIdentifierCheck || (is3PApp && !relax3PDeviceIdentifierCheck) || (isNonPrivApp && !relaxNonPrivDeviceIdentifierCheck)) { boolean targetQBehaviorDisabled = Settings.Global.getInt(context.getContentResolver(), Settings.Global.PRIVILEGED_DEVICE_IDENTIFIER_TARGET_Q_BEHAVIOR_ENABLED, 0) == 0; if (callingPackage != null) { Loading Loading
core/java/android/provider/Settings.java +11 −0 Original line number Diff line number Diff line Loading @@ -12819,6 +12819,17 @@ public final class Settings { public static final String PRIVILEGED_DEVICE_IDENTIFIER_3P_CHECK_RELAXED = "privileged_device_identifier_3p_check_relaxed"; /** * If set to 1, the device identifier check will be relaxed to the previous READ_PHONE_STATE * permission check for preloaded non-privileged apps. * * STOPSHIP: Remove this once we ship with the new device identifier check enabled. * * @hide */ public static final String PRIVILEGED_DEVICE_IDENTIFIER_NON_PRIV_CHECK_RELAXED = "privileged_device_identifier_non_priv_check_relaxed"; /** * If set to 1, SettingsProvider's restoreAnyVersion="true" attribute will be ignored * and restoring to lower version of platform API will be skipped. Loading
core/tests/coretests/src/android/provider/SettingsBackupTest.java +1 −0 Original line number Diff line number Diff line Loading @@ -384,6 +384,7 @@ public class SettingsBackupTest { Settings.Global.PRIV_APP_OOB_LIST, Settings.Global.PRIVATE_DNS_DEFAULT_MODE, Settings.Global.PRIVILEGED_DEVICE_IDENTIFIER_CHECK_ENABLED, Settings.Global.PRIVILEGED_DEVICE_IDENTIFIER_NON_PRIV_CHECK_RELAXED, Settings.Global.PRIVILEGED_DEVICE_IDENTIFIER_TARGET_Q_BEHAVIOR_ENABLED, Settings.Global.PRIVILEGED_DEVICE_IDENTIFIER_3P_CHECK_RELAXED, Settings.Global.PROVISIONING_APN_ALARM_DELAY_IN_MS, Loading
telephony/java/com/android/internal/telephony/TelephonyPermissions.java +25 −4 Original line number Diff line number Diff line Loading @@ -284,8 +284,6 @@ public final class TelephonyPermissions { */ private static boolean reportAccessDeniedToReadIdentifiers(Context context, int subId, int pid, int uid, String callingPackage, String message) { Log.wtf(LOG_TAG, "reportAccessDeniedToReadIdentifiers:" + callingPackage + ":" + message); // If the device identifier check is enabled then enforce the new access requirements for // both 1P and 3P apps. boolean enableDeviceIdentifierCheck = Settings.Global.getInt(context.getContentResolver(), Loading @@ -295,17 +293,40 @@ public final class TelephonyPermissions { boolean relax3PDeviceIdentifierCheck = Settings.Global.getInt(context.getContentResolver(), Settings.Global.PRIVILEGED_DEVICE_IDENTIFIER_3P_CHECK_RELAXED, 0) == 1; boolean is3PApp = true; // Also check if the application is a preloaded non-privileged app; if so there is a // separate setting to relax the check for these apps to ensure users can relax the check // for 3P or non-priv apps as needed while continuing to test the other. boolean relaxNonPrivDeviceIdentifierCheck = Settings.Global.getInt( context.getContentResolver(), Settings.Global.PRIVILEGED_DEVICE_IDENTIFIER_NON_PRIV_CHECK_RELAXED, 0) == 1; boolean isNonPrivApp = false; ApplicationInfo callingPackageInfo = null; try { callingPackageInfo = context.getPackageManager().getApplicationInfo(callingPackage, 0); if (callingPackageInfo.isSystemApp()) { if (callingPackageInfo.isPrivilegedApp()) { is3PApp = false; } else if (callingPackageInfo.isSystemApp()) { is3PApp = false; isNonPrivApp = true; } } catch (PackageManager.NameNotFoundException e) { // If the application info for the calling package could not be found then assume the // calling app is a 3P app to detect any issues with the check } if (enableDeviceIdentifierCheck || (is3PApp && !relax3PDeviceIdentifierCheck)) { Log.e(LOG_TAG, "Exception caught obtaining package info for package " + callingPackage, e); } Log.wtf(LOG_TAG, "reportAccessDeniedToReadIdentifiers:" + callingPackage + ":" + message + ":is3PApp=" + is3PApp + ":isNonPrivApp=" + isNonPrivApp); // The new Q restrictions for device identifier access will be enforced if any of the // following are true: // - The PRIVILEGED_DEVICE_IDENTIFIER_CHECK_ENABLED setting has been set. // - The app requesting a device identifier is not a preloaded app (3P), and the // PRIVILEGED_DEVICE_IDENTIFIER_3P_CHECK_RELAXED setting has not been set. // - The app requesting a device identifier is a preloaded app but is not a privileged app, // and the PRIVILEGED_DEVICE_IDENTIFIER_NON_PRIV_CHECK_RELAXED setting has not been set. if (enableDeviceIdentifierCheck || (is3PApp && !relax3PDeviceIdentifierCheck) || (isNonPrivApp && !relaxNonPrivDeviceIdentifierCheck)) { boolean targetQBehaviorDisabled = Settings.Global.getInt(context.getContentResolver(), Settings.Global.PRIVILEGED_DEVICE_IDENTIFIER_TARGET_Q_BEHAVIOR_ENABLED, 0) == 0; if (callingPackage != null) { Loading
