Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ec5f77a0 authored by Michael Groover's avatar Michael Groover
Browse files

Allow apps with carrier privileges to access device IDs 

The original design for device identifier access only allowed apps with
carrier privileges to access subscriber identifiers (IMSI and SIM serial
number), however this was too restrictive and can impact a number of
carriers. For Q apps with carrier privileges will be allowed access to
the device identifiers, but this may change in a future release.

Change-Id: Ib60eb7670d8a75a2014ff730d89a1ebe4c2039f0
Fixes: 117844226
Test: atest CarrierApiTest
parent fc1d7e58

telephony/java/android/telephony/TelephonyManager.java

+32 −27
Original line number Diff line number Diff line
@@ -41,7 +41,6 @@ import android.net.NetworkStats; 
import android.net.Uri;

import android.os.AsyncTask;

import android.os.BatteryStats;

import android.os.Build;

import android.os.Bundle;

import android.os.Handler;

import android.os.PersistableBundle;
@@ -1311,9 +1310,10 @@ public class TelephonyManager { 
     * Returns the unique device ID, for example, the IMEI for GSM and the MEID

     * or ESN for CDMA phones. Return null if device ID is not available.

     *

     * <p>Requires Permission: READ_PRIVILEGED_PHONE_STATE, or for the calling package to be the

     * device or profile owner and have the READ_PHONE_STATE permission. The profile owner is an app

     * that owns a managed profile on the device; for more details see <a

     * <p>Requires Permission: READ_PRIVILEGED_PHONE_STATE, for the calling app to be the device or

     * profile owner and have the READ_PHONE_STATE permission, or that the calling app has carrier

     * privileges (see {@link #hasCarrierPrivileges}). The profile owner is an app that owns a

     * managed profile on the device; for more details see <a

     * href="https://developer.android.com/work/managed-profiles">Work profiles</a>. Profile owner

     * access is deprecated and will be removed in a future release.

     *
@@ -1321,7 +1321,7 @@ public class TelephonyManager { 
     * MEID for CDMA.

     */

    @Deprecated

    @SuppressAutoDoc // No support for device / profile owner.

    @SuppressAutoDoc // No support for device / profile owner or carrier privileges (b/72967236).

    @RequiresPermission(android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE)

    public String getDeviceId() {

        try {
@@ -1340,9 +1340,10 @@ public class TelephonyManager { 
     * Returns the unique device ID of a subscription, for example, the IMEI for

     * GSM and the MEID for CDMA phones. Return null if device ID is not available.

     *

     * <p>Requires Permission: READ_PRIVILEGED_PHONE_STATE, or for the calling package to be the

     * device or profile owner and have the READ_PHONE_STATE permission. The profile owner is an app

     * that owns a managed profile on the device; for more details see <a

     * <p>Requires Permission: READ_PRIVILEGED_PHONE_STATE, for the calling app to be the device or

     * profile owner and have the READ_PHONE_STATE permission, or that the calling app has carrier

     * privileges (see {@link #hasCarrierPrivileges}). The profile owner is an app that owns a

     * managed profile on the device; for more details see <a

     * href="https://developer.android.com/work/managed-profiles">Work profiles</a>. Profile owner

     * access is deprecated and will be removed in a future release.

     *
@@ -1352,7 +1353,7 @@ public class TelephonyManager { 
     * MEID for CDMA.

     */

    @Deprecated

    @SuppressAutoDoc // No support for device / profile owner.

    @SuppressAutoDoc // No support for device / profile owner or carrier privileges (b/72967236).

    @RequiresPermission(android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE)

    public String getDeviceId(int slotIndex) {

        // FIXME this assumes phoneId == slotIndex
@@ -1372,13 +1373,14 @@ public class TelephonyManager { 
     * Returns the IMEI (International Mobile Equipment Identity). Return null if IMEI is not

     * available.

     *

     * <p>Requires Permission: READ_PRIVILEGED_PHONE_STATE, or for the calling package to be the

     * device or profile owner and have the READ_PHONE_STATE permission. The profile owner is an app

     * that owns a managed profile on the device; for more details see <a

     * <p>Requires Permission: READ_PRIVILEGED_PHONE_STATE, for the calling app to be the device or

     * profile owner and have the READ_PHONE_STATE permission, or that the calling app has carrier

     * privileges (see {@link #hasCarrierPrivileges}). The profile owner is an app that owns a

     * managed profile on the device; for more details see <a

     * href="https://developer.android.com/work/managed-profiles">Work profiles</a>. Profile owner

     * access is deprecated and will be removed in a future release.

     */

    @SuppressAutoDoc // No support for device / profile owner.

    @SuppressAutoDoc // No support for device / profile owner or carrier privileges (b/72967236).

    @RequiresPermission(android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE)

    public String getImei() {

        return getImei(getSlotIndex());
@@ -1388,15 +1390,16 @@ public class TelephonyManager { 
     * Returns the IMEI (International Mobile Equipment Identity). Return null if IMEI is not

     * available.

     *

     * <p>Requires Permission: READ_PRIVILEGED_PHONE_STATE, or for the calling package to be the

     * device or profile owner and have the READ_PHONE_STATE permission. The profile owner is an app

     * that owns a managed profile on the device; for more details see <a

     * <p>Requires Permission: READ_PRIVILEGED_PHONE_STATE, for the calling app to be the device or

     * profile owner and have the READ_PHONE_STATE permission, or that the calling app has carrier

     * privileges (see {@link #hasCarrierPrivileges}). The profile owner is an app that owns a

     * managed profile on the device; for more details see <a

     * href="https://developer.android.com/work/managed-profiles">Work profiles</a>. Profile owner

     * access is deprecated and will be removed in a future release.

     *

     * @param slotIndex of which IMEI is returned

     */

    @SuppressAutoDoc // No support for device / profile owner.

    @SuppressAutoDoc // No support for device / profile owner or carrier privileges (b/72967236).

    @RequiresPermission(android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE)

    public String getImei(int slotIndex) {

        ITelephony telephony = getITelephony();
@@ -1441,13 +1444,14 @@ public class TelephonyManager { 
    /**

     * Returns the MEID (Mobile Equipment Identifier). Return null if MEID is not available.

     *

     * <p>Requires Permission: READ_PRIVILEGED_PHONE_STATE, or for the calling package to be the

     * device or profile owner and have the READ_PHONE_STATE permission. The profile owner is an app

     * that owns a managed profile on the device; for more details see <a

     * <p>Requires Permission: READ_PRIVILEGED_PHONE_STATE, for the calling app to be the device or

     * profile owner and have the READ_PHONE_STATE permission, or that the calling app has carrier

     * privileges (see {@link #hasCarrierPrivileges}). The profile owner is an app that owns a

     * managed profile on the device; for more details see <a

     * href="https://developer.android.com/work/managed-profiles">Work profiles</a>. Profile owner

     * access is deprecated and will be removed in a future release.

     */

    @SuppressAutoDoc // No support for device / profile owner.

    @SuppressAutoDoc // No support for device / profile owner or carrier privileges (b/72967236).

    @RequiresPermission(android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE)

    public String getMeid() {

        return getMeid(getSlotIndex());
@@ -1456,15 +1460,16 @@ public class TelephonyManager { 
    /**

     * Returns the MEID (Mobile Equipment Identifier). Return null if MEID is not available.

     *

     * <p>Requires Permission: READ_PRIVILEGED_PHONE_STATE, or for the calling package to be the

     * device or profile owner and have the READ_PHONE_STATE permission. The profile owner is an app

     * that owns a managed profile on the device; for more details see <a

     * <p>Requires Permission: READ_PRIVILEGED_PHONE_STATE, for the calling app to be the device or

     * profile owner and have the READ_PHONE_STATE permission, or that the calling app has carrier

     * privileges (see {@link #hasCarrierPrivileges}). The profile owner is an app that owns a

     * managed profile on the device; for more details see <a

     * href="https://developer.android.com/work/managed-profiles">Work profiles</a>. Profile owner

     * access is deprecated and will be removed in a future release.

     *

     * @param slotIndex of which MEID is returned

     */

    @SuppressAutoDoc // No support for device / profile owner.

    @SuppressAutoDoc // No support for device / profile owner or carrier privileges (b/72967236).

    @RequiresPermission(android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE)

    public String getMeid(int slotIndex) {

        ITelephony telephony = getITelephony();
@@ -2962,7 +2967,7 @@ public class TelephonyManager { 
     * href="https://developer.android.com/work/managed-profiles">Work profiles</a>. Profile owner

     * access is deprecated and will be removed in a future release.

     */

    @SuppressAutoDoc // Blocked by b/72967236 - no support for carrier privileges

    @SuppressAutoDoc // No support for device / profile owner or carrier privileges (b/72967236).

    @RequiresPermission(android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE)

    public String getSimSerialNumber() {

         return getSimSerialNumber(getSubId());
@@ -3124,7 +3129,7 @@ public class TelephonyManager { 
     * href="https://developer.android.com/work/managed-profiles">Work profiles</a>. Profile owner

     * access is deprecated and will be removed in a future release.

     */

    @SuppressAutoDoc // Blocked by b/72967236 - no support for carrier privileges

    @SuppressAutoDoc // No support for device / profile owner or carrier privileges (b/72967236).

    @RequiresPermission(android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE)

    public String getSubscriberId() {

        return getSubscriberId(getSubId());

telephony/java/com/android/internal/telephony/TelephonyPermissions.java

+7 −0
Original line number Diff line number Diff line
@@ -188,6 +188,13 @@ public final class TelephonyPermissions { 
        if (checkReadDeviceIdentifiers(context, pid, uid, callingPackage)) {

            return true;

        }

        // Calling packages with carrier privileges will also have access to device identifiers, but

        // this may be removed in a future release.

        if (SubscriptionManager.isValidSubscriptionId(subId) && getCarrierPrivilegeStatus(

                TELEPHONY_SUPPLIER, subId, uid)

                == TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS) {

            return true;

        }

        // else the calling package is not authorized to access the device identifiers; call

        // a central method to report the failure based on the target SDK and if the calling package

        // has the READ_PHONE_STATE permission or carrier privileges that were previously required