Commit 0f869d07 authored by Chen Xu

filter deviceIdentifiers for subscriptionInfo if callers without perm

Fix a security issue that app can read iccId of sim card(s) without
requiring READ_PRIVILEGED_PHONE_STATE permission when calling hidden API SubscriptionManager.getAllActiveSubscriptionInfoList. Apply
deviceIdentifier filter to remove those info if the caller does not have proper permissions.

Bug: 183612370
Test: Manual
Merged-in: If7d243c40d187008f8cb314b162228cbad1702a4
Change-Id: If7d243c40d187008f8cb314b162228cbad1702a4
(cherry picked from commit f6bb9b20)
parent 93d5117c
+4 −0
@@ -691,6 +691,10 @@ public class SubscriptionController extends ISub.Stub {
            subList = getSubInfo(null, null);
            if (subList != null) {
                if (VDBG) logd("[getAllSubInfoList]- " + subList.size() + " infos return");
                subList.stream().map(
                        subscriptionInfo -> conditionallyRemoveIdentifiers(subscriptionInfo,
                                callingPackage, "getAllSubInfoList"))
                        .collect(Collectors.toList());
            } else {
                if (VDBG) logd("[getAllSubInfoList]- no info return");
            }
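Review bot: The list produced by `.collect(Collectors.toList())` in the added statement is discarded, because the stream pipeline is never assigned back to `subList`. After this statement `subList` still holds the original entries, so the filter only takes effect if `conditionallyRemoveIdentifiers` strips the identifiers from each `SubscriptionInfo` in place, which these lines do not show; if it returns a sanitized copy, callers without READ_PRIVILEGED_PHONE_STATE still receive the iccId. Suggest `subList = subList.stream().map(...).collect(Collectors.toList());`. The commit lists only "Test: Manual"; a unit test that calls `getAllSubInfoList` from a package lacking the permission and asserts that the iccId is absent from the returned list would catch this case.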