Loading telephony/java/android/telephony/LocationAccessPolicy.java +12 −7 Original line number Original line Diff line number Diff line Loading @@ -39,7 +39,8 @@ import java.util.List; * @hide * @hide */ */ public final class LocationAccessPolicy { public final class LocationAccessPolicy { private static final String LOG_TAG = LocationAccessPolicy.class.getSimpleName(); private static final String TAG = "LocationAccessPolicy"; private static final boolean DBG = false; /** /** * API to determine if the caller has permissions to get cell location. * API to determine if the caller has permissions to get cell location. Loading @@ -52,12 +53,13 @@ public final class LocationAccessPolicy { */ */ public static boolean canAccessCellLocation(@NonNull Context context, @NonNull String pkgName, public static boolean canAccessCellLocation(@NonNull Context context, @NonNull String pkgName, int uid, int pid, boolean throwOnDeniedPermission) throws SecurityException { int uid, int pid, boolean throwOnDeniedPermission) throws SecurityException { Trace.beginSection("TelephonyLohcationCheck"); Trace.beginSection("TelephonyLocationCheck"); try { try { // Always allow the phone process to access location. This avoid breaking legacy code // Always allow the phone process and system server to access location. This avoid // that rely on public-facing APIs to access cell location, and it doesn't create a // breaking legacy code that rely on public-facing APIs to access cell location, and // info leak risk because the cell location is stored in the phone process anyway. // it doesn't create an info leak risk because the cell location is stored in the phone if (uid == Process.PHONE_UID) { // process anyway, and the system server already has location access. if (uid == Process.PHONE_UID || uid == Process.SYSTEM_UID || uid == Process.ROOT_UID) { return true; return true; } } Loading 
@@ -72,15 +74,18 @@ public final class LocationAccessPolicy { pid, uid, "canAccessCellLocation"); pid, uid, "canAccessCellLocation"); } else if (context.checkPermission(Manifest.permission.ACCESS_COARSE_LOCATION, } else if (context.checkPermission(Manifest.permission.ACCESS_COARSE_LOCATION, pid, uid) == PackageManager.PERMISSION_DENIED) { pid, uid) == PackageManager.PERMISSION_DENIED) { if (DBG) Log.w(TAG, "Permission checked failed (" + pid + "," + uid + ")"); return false; return false; } } final int opCode = AppOpsManager.permissionToOpCode( final int opCode = AppOpsManager.permissionToOpCode( Manifest.permission.ACCESS_COARSE_LOCATION); Manifest.permission.ACCESS_COARSE_LOCATION); if (opCode != AppOpsManager.OP_NONE && context.getSystemService(AppOpsManager.class) if (opCode != AppOpsManager.OP_NONE && context.getSystemService(AppOpsManager.class) .noteOpNoThrow(opCode, uid, pkgName) != AppOpsManager.MODE_ALLOWED) { .noteOpNoThrow(opCode, uid, pkgName) != AppOpsManager.MODE_ALLOWED) { if (DBG) Log.w(TAG, "AppOp check failed (" + uid + "," + pkgName + ")"); return false; return false; } } if (!isLocationModeEnabled(context, UserHandle.getUserId(uid))) { if (!isLocationModeEnabled(context, UserHandle.getUserId(uid))) { if (DBG) Log.w(TAG, "Location disabled, failed, (" + uid + ")"); return false; return false; } } // If the user or profile is current, permission is granted. // If the user or profile is current, permission is granted. Loading 
@@ -94,7 +99,7 @@ public final class LocationAccessPolicy { private static boolean isLocationModeEnabled(@NonNull Context context, @UserIdInt int userId) { private static boolean isLocationModeEnabled(@NonNull Context context, @UserIdInt int userId) { LocationManager locationManager = context.getSystemService(LocationManager.class); LocationManager locationManager = context.getSystemService(LocationManager.class); if (locationManager == null) { if (locationManager == null) { Log.w(LOG_TAG, "Couldn't get location manager, denying location access"); Log.w(TAG, "Couldn't get location manager, denying location access"); return false; return false; } } return locationManager.isLocationEnabledForUser(UserHandle.of(userId)); return locationManager.isLocationEnabledForUser(UserHandle.of(userId)); Loading Loading
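Review bot: The widened early return in canAccessCellLocation (first hunk) now admits `Process.ROOT_UID` as well, but the comment above it only argues for the phone process and the system server, so the root case is undocumented. This return sits before the permission check, the `noteOpNoThrow` call and the `isLocationModeEnabled` check in the second hunk, so a request that arrives with the system or root uid skips all three and leaves no app-op record. That is only safe if every caller passes the uid of the original requester (presumably `Binder.getCallingUid()`, read before any calling identity is cleared; the call sites are not visible here), because a system service that forwards an app's request under its own uid would hand that app cell location unchecked. I would extend the comment with `// Root is included deliberately; callers must pass the original requester's uid, never their own.`, or drop `ROOT_UID` if nothing depends on it. The body of canAccessCellLocation continues outside these hunks.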
telephony/java/android/telephony/LocationAccessPolicy.java +12 −7 Original line number Original line Diff line number Diff line Loading @@ -39,7 +39,8 @@ import java.util.List; * @hide * @hide */ */ public final class LocationAccessPolicy { public final class LocationAccessPolicy { private static final String LOG_TAG = LocationAccessPolicy.class.getSimpleName(); private static final String TAG = "LocationAccessPolicy"; private static final boolean DBG = false; /** /** * API to determine if the caller has permissions to get cell location. * API to determine if the caller has permissions to get cell location. Loading @@ -52,12 +53,13 @@ public final class LocationAccessPolicy { */ */ public static boolean canAccessCellLocation(@NonNull Context context, @NonNull String pkgName, public static boolean canAccessCellLocation(@NonNull Context context, @NonNull String pkgName, int uid, int pid, boolean throwOnDeniedPermission) throws SecurityException { int uid, int pid, boolean throwOnDeniedPermission) throws SecurityException { Trace.beginSection("TelephonyLohcationCheck"); Trace.beginSection("TelephonyLocationCheck"); try { try { // Always allow the phone process to access location. This avoid breaking legacy code // Always allow the phone process and system server to access location. This avoid // that rely on public-facing APIs to access cell location, and it doesn't create a // breaking legacy code that rely on public-facing APIs to access cell location, and // info leak risk because the cell location is stored in the phone process anyway. // it doesn't create an info leak risk because the cell location is stored in the phone if (uid == Process.PHONE_UID) { // process anyway, and the system server already has location access. if (uid == Process.PHONE_UID || uid == Process.SYSTEM_UID || uid == Process.ROOT_UID) { return true; return true; } } Loading 
@@ -72,15 +74,18 @@ public final class LocationAccessPolicy { pid, uid, "canAccessCellLocation"); pid, uid, "canAccessCellLocation"); } else if (context.checkPermission(Manifest.permission.ACCESS_COARSE_LOCATION, } else if (context.checkPermission(Manifest.permission.ACCESS_COARSE_LOCATION, pid, uid) == PackageManager.PERMISSION_DENIED) { pid, uid) == PackageManager.PERMISSION_DENIED) { if (DBG) Log.w(TAG, "Permission checked failed (" + pid + "," + uid + ")"); return false; return false; } } final int opCode = AppOpsManager.permissionToOpCode( final int opCode = AppOpsManager.permissionToOpCode( Manifest.permission.ACCESS_COARSE_LOCATION); Manifest.permission.ACCESS_COARSE_LOCATION); if (opCode != AppOpsManager.OP_NONE && context.getSystemService(AppOpsManager.class) if (opCode != AppOpsManager.OP_NONE && context.getSystemService(AppOpsManager.class) .noteOpNoThrow(opCode, uid, pkgName) != AppOpsManager.MODE_ALLOWED) { .noteOpNoThrow(opCode, uid, pkgName) != AppOpsManager.MODE_ALLOWED) { if (DBG) Log.w(TAG, "AppOp check failed (" + uid + "," + pkgName + ")"); return false; return false; } } if (!isLocationModeEnabled(context, UserHandle.getUserId(uid))) { if (!isLocationModeEnabled(context, UserHandle.getUserId(uid))) { if (DBG) Log.w(TAG, "Location disabled, failed, (" + uid + ")"); return false; return false; } } // If the user or profile is current, permission is granted. // If the user or profile is current, permission is granted. Loading 
@@ -94,7 +99,7 @@ public final class LocationAccessPolicy { private static boolean isLocationModeEnabled(@NonNull Context context, @UserIdInt int userId) { private static boolean isLocationModeEnabled(@NonNull Context context, @UserIdInt int userId) { LocationManager locationManager = context.getSystemService(LocationManager.class); LocationManager locationManager = context.getSystemService(LocationManager.class); if (locationManager == null) { if (locationManager == null) { Log.w(LOG_TAG, "Couldn't get location manager, denying location access"); Log.w(TAG, "Couldn't get location manager, denying location access"); return false; return false; } } return locationManager.isLocationEnabledForUser(UserHandle.of(userId)); return locationManager.isLocationEnabledForUser(UserHandle.of(userId)); Loading