
Commit 392c0a81 authored by Anushreya Mahapatra's avatar Anushreya Mahapatra Committed by Android (Google) Code Review

Merge "Adding an admin check before calling downloadSubscriptionPrivileged....

Merge "Adding an admin check before calling downloadSubscriptionPrivileged. When a device administrator requests a download without carrier privileges the download should be allowed since this is encountered in the resolvable error flow path." into main
parents 8374580c 9666107a
+25 −5
@@ -625,6 +625,7 @@ public class EuiccController extends IEuiccController.Stub {

        boolean callerHasAdminPrivileges =
                callerCanManageDevicePolicyManagedSubscriptions(callingPackage);

        if (callerHasAdminPrivileges && (switchAfterDownload && !shouldAllowSwitchAfterDownload(
                callingPackage))) {
            // Throw error if calling admin does not have privileges to enable
@@ -739,14 +740,20 @@ public class EuiccController extends IEuiccController.Stub {
                    super.onGetMetadataComplete(cardId, result);
                    return;
                }
                boolean callerHasAdminPrivileges =
                callerCanManageDevicePolicyManagedSubscriptions(mCallingPackage, mCallingToken);
                // At this point, we already have the user's consent.
                // So the following operations can be done with maximum privileges.

                if (checkCarrierPrivilegeInMetadata(subscription, mCallingPackage)) {
                if (checkCarrierPrivilegeInMetadata(subscription, mCallingPackage)
                        || callerHasAdminPrivileges) {
                    // Caller can download this profile. Since we already have the user's consent,
                    // proceed to download.
                  downloadSubscriptionPrivileged(cardId, mPortIndex,
                            mCallingToken, subscription, mSwitchAfterDownload,  mForceDeactivateSim,
                            mCallingPackage, null /* resolvedBundle */,
                            mCallbackIntent);
                            mCallingToken, subscription, mSwitchAfterDownload,
                            mForceDeactivateSim, mCallingPackage, null /* resolvedBundle */,
                            mCallbackIntent, callerHasAdminPrivileges,
                      getCurrentEmbeddedSubscriptionIds(cardId));
                } else {
                    Log.e(TAG, "Caller does not have carrier privilege in metadata.");
                    sendResult(mCallbackIntent, ERROR, null /* extrasIntent */);
@@ -2208,6 +2215,19 @@ public class EuiccController extends IEuiccController.Stub {
                == PackageManager.PERMISSION_GRANTED;
    }

    // Does the same thing as callerCanManageDevicePolicyManagedSubscriptions
    //but restores the calling identity before checking permissions.
    private boolean callerCanManageDevicePolicyManagedSubscriptions(String callingPackage,
      long callingToken) {
        long previousCallingIdentity = Binder.clearCallingIdentity();
        try {
            Binder.restoreCallingIdentity(callingToken);
            return callerCanManageDevicePolicyManagedSubscriptions(callingPackage);
        } finally {
            Binder.restoreCallingIdentity(previousCallingIdentity);
        }
    }

    private boolean shouldAllowSwitchAfterDownload(String callingPackage) {
        DevicePolicyManager devicePolicyManager = getDevicePolicyManager();
        return devicePolicyManager != null && (devicePolicyManager.isDeviceOwnerApp(callingPackage)
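Review bot: In the second hunk the `else` branch still logs "Caller does not have carrier privilege in metadata." although the condition above it now also passes on `callerHasAdminPrivileges`, so a denial message no longer names every check that failed, and nothing visible in the hunk records that a download was authorized through the admin path rather than through carrier privilege. I would change the message to `Log.e(TAG, "Caller has neither carrier privilege in metadata nor admin privileges.");` and log the admin-path grant at info level before calling `downloadSubscriptionPrivileged`. The existing comment "At this point, we already have the user's consent" now sits above a branch the admin path can reach, so it should state whether consent is still assumed in the resolvable-error flow the commit description mentions. The helper added in the third hunk would also benefit from a Javadoc saying that `callingToken` must be the token returned by `Binder.clearCallingIdentity()` during the original binder call, since the authorization result depends entirely on that token. The enclosing `onGetMetadataComplete` body starts and ends outside the hunk.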