Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit df54d98b authored by Nathan Harold's avatar Nathan Harold
Browse files

Allow Cell Location for SYSTEM_UID and ROOT_UID 

This change permits the system uid and root uid to
access cellular location information via the binder.
Previously this was restricted to the phone uid, but
running with uid=system is a privileged situation,
which makes me think this this wasn't intentional.

Also add a few lines of debug code to make issues
in LocationAccessPolicy easier to track down in the
future.

Bug: 110806860
Test: manual - ran with SL4A as SYSTEM_UID and
    verified access to getAllCellInfo.

Merged-In: Ie18be2cd72c49f1859d1434428f82f164bed8756
Change-Id: Ie18be2cd72c49f1859d1434428f82f164bed8756
parent 3838ff45

telephony/java/android/telephony/LocationAccessPolicy.java

+12 −12
Original line number Diff line number Diff line
@@ -21,31 +21,27 @@ import android.annotation.NonNull; 
import android.annotation.UserIdInt;

import android.app.ActivityManager;

import android.app.AppOpsManager;

import android.content.BroadcastReceiver;

import android.content.Context;

import android.content.Intent;

import android.content.IntentFilter;

import android.content.pm.PackageManager;

import android.content.pm.UserInfo;

import android.location.LocationManager;

import android.os.Binder;

import android.os.Build;

import android.os.Process;

import android.os.Trace;

import android.os.UserHandle;

import android.os.UserManager;

import android.provider.Settings;

import android.util.SparseBooleanArray;

import android.util.Log;



import java.util.HashMap;

import java.util.List;

import java.util.Map;



/**

 * Helper for performing location access checks.

 * @hide

 */

public final class LocationAccessPolicy {

    private static final String TAG = "LocationAccessPolicy";

    private static final boolean DBG = false;



    /**

     * API to determine if the caller has permissions to get cell location.

     *
@@ -58,10 +54,11 @@ public final class LocationAccessPolicy { 
            int uid, int pid) throws SecurityException {

        Trace.beginSection("TelephonyLocationCheck");

        try {

            // Always allow the phone process to access location. This avoid breaking legacy code

            // that rely on public-facing APIs to access cell location, and it doesn't create a

            // info leak risk because the cell location is stored in the phone process anyway.

            if (uid == Process.PHONE_UID) {

            // Always allow the phone process and system server to access location. This avoid

            // breaking legacy code that rely on public-facing APIs to access cell location, and

            // it doesn't create an info leak risk because the cell location is stored in the phone

            // process anyway, and the system server already has location access.

            if (uid == Process.PHONE_UID || uid == Process.SYSTEM_UID || uid == Process.ROOT_UID) {

                return true;

            }
@@ -74,15 +71,18 @@ public final class LocationAccessPolicy { 


            if (context.checkPermission(Manifest.permission.ACCESS_COARSE_LOCATION, pid, uid) ==

                    PackageManager.PERMISSION_DENIED) {

                if (DBG) Log.w(TAG, "Permission checked failed (" + pid + "," + uid + ")");

                return false;

            }

            final int opCode = AppOpsManager.permissionToOpCode(

                    Manifest.permission.ACCESS_COARSE_LOCATION);

            if (opCode != AppOpsManager.OP_NONE && context.getSystemService(AppOpsManager.class)

                    .noteOpNoThrow(opCode, uid, pkgName) != AppOpsManager.MODE_ALLOWED) {

                if (DBG) Log.w(TAG, "AppOp check failed (" + uid + "," + pkgName + ")");

                return false;

            }

            if (!isLocationModeEnabled(context, UserHandle.getUserId(uid))) {

                if (DBG) Log.w(TAG, "Location disabled, failed, (" + uid + ")");

                return false;

            }

            // If the user or profile is current, permission is granted.