Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 08423518 authored by Chen Xu's avatar Chen Xu Committed by Android Build Coastguard Worker
Browse files

filter deviceIdentifiers for subscriptionInfo if callers without perm 

Fix a security issue that app can read iccId of sim card(s) without
requiring READ_PRIVILEGED_PHONE_STATE permission when calling hidden
API SubscriptionManager.getAllActiveSubscriptionInfoList. Apply
deviceIdentifier filter to remove those info if the caller does
not have proper permissions. The previous fix forgot to reassign
returned value with filtered result.

Bug: 183612370
Test: Manual
Change-Id: I592a100f274bfe8a9f1b17b9a4c54ae2aadd6fdb
(cherry picked from commit 14507754)
Merged-In:I592a100f274bfe8a9f1b17b9a4c54ae2aadd6fdb
parent f084f1dd

src/java/com/android/internal/telephony/SubscriptionController.java

+18 −3
Original line number Diff line number Diff line
@@ -905,6 +905,19 @@ public class SubscriptionController extends ISub.Stub { 
    @Override

    public List<SubscriptionInfo> getAllSubInfoList(String callingPackage,

            String callingFeatureId) {

        return getAllSubInfoList(callingPackage, callingFeatureId, false);

    }



    /**

     * @param callingPackage The package making the IPC.

     * @param callingFeatureId The feature in the package

     * @param skipConditionallyRemoveIdentifier if set, skip removing identifier conditionally

     * @return List of all SubscriptionInfo records in database,

     * include those that were inserted before, maybe empty but not null.

     * @hide

     */

    public List<SubscriptionInfo> getAllSubInfoList(String callingPackage,

            String callingFeatureId, boolean skipConditionallyRemoveIdentifier) {

        if (VDBG) logd("[getAllSubInfoList]+");



        // This API isn't public, so no need to provide a valid subscription ID - we're not worried
@@ -923,9 +936,9 @@ public class SubscriptionController extends ISub.Stub { 
        } finally {

            Binder.restoreCallingIdentity(identity);

        }

        if (subList != null) {

        if (subList != null && !skipConditionallyRemoveIdentifier) {

            if (VDBG) logd("[getAllSubInfoList]- " + subList.size() + " infos return");

            subList.stream().map(

            subList = subList.stream().map(

                    subscriptionInfo -> conditionallyRemoveIdentifiers(subscriptionInfo,

                            callingPackage, callingFeatureId, "getAllSubInfoList"))

                    .collect(Collectors.toList());
@@ -3896,8 +3909,10 @@ public class SubscriptionController extends ISub.Stub { 
        List<SubscriptionInfo> subInfoList;



        try {

            // need to bypass removing identifier check because that will remove the subList without

            // group id.

            subInfoList = getAllSubInfoList(mContext.getOpPackageName(),

                    mContext.getAttributionTag());

                    mContext.getAttributionTag(), true);

            if (groupUuid == null || subInfoList == null || subInfoList.isEmpty()) {

                return new ArrayList<>();

            }