Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3a2a3fb9 authored by Michael Groover's avatar Michael Groover
Browse files

Guard ICC ID card string behind new identifier access requirements 

In Android 10 access to device identifiers was limited to apps with
the READ_PRIVILEGED_PHONE_STATE permission, carrier privileges, the
READ_DEVICE_IDENTIFIERS appop set to allow, or those that pass a
device / profile owner check. TelephonyManager#getSimSerialNumber
was guarded behind these new access requirements, but the same value
is still accessible via SubscriptionInfo#getCardString. While this
API is hidden toString or a parcelable can be used to obtain it. This
change clears out the card string in any returned SubscriptionInfo
objects if the caller does not meet the new identifier access
requirements.

Bug: 152057778
Test: atest SubscriptionControllerTest
Change-Id: I4406f1a2859f8ab691bb9f07da6940fb85e5cbb4
parent 05970b8d

src/java/com/android/internal/telephony/SubscriptionController.java

+1 −0
Original line number Original line Diff line number Diff line
@@ -3750,6 +3750,7 @@ public class SubscriptionController extends ISub.Stub { 
                callingFeatureId, message)) {

                callingFeatureId, message)) {

            result = new SubscriptionInfo(subInfo);

            result = new SubscriptionInfo(subInfo);

            result.clearIccId();

            result.clearIccId();

            result.clearCardString();

        }

        }

        return result;

        return result;

    }

    }

tests/telephonytests/src/com/android/internal/telephony/SubscriptionControllerTest.java

+12 −4
Original line number Original line Diff line number Diff line
@@ -1042,7 +1042,7 @@ public class SubscriptionControllerTest extends TelephonyTest { 
    public void testGetActiveSubscriptionInfoWithReadPhoneState() throws Exception {

    public void testGetActiveSubscriptionInfoWithReadPhoneState() throws Exception {

        // If the calling package only has the READ_PHONE_STATE permission then

        // If the calling package only has the READ_PHONE_STATE permission then

        // getActiveSubscriptionInfo should still return a result but the ICC ID should not be

        // getActiveSubscriptionInfo should still return a result but the ICC ID should not be

        // available.

        // available via getIccId or getCardString.

        testInsertSim();

        testInsertSim();

        mContextFixture.removeCallingOrSelfPermission(ContextFixture.PERMISSION_ENABLE_ALL);

        mContextFixture.removeCallingOrSelfPermission(ContextFixture.PERMISSION_ENABLE_ALL);

        mContextFixture.addCallingOrSelfPermission(Manifest.permission.READ_PHONE_STATE);

        mContextFixture.addCallingOrSelfPermission(Manifest.permission.READ_PHONE_STATE);
@@ -1053,6 +1053,7 @@ public class SubscriptionControllerTest extends TelephonyTest { 
                subId, mCallingPackage, mCallingFeature);

                subId, mCallingPackage, mCallingFeature);

        assertNotNull(subscriptionInfo);

        assertNotNull(subscriptionInfo);

        assertEquals(UNAVAILABLE_ICCID, subscriptionInfo.getIccId());

        assertEquals(UNAVAILABLE_ICCID, subscriptionInfo.getIccId());

        assertEquals(UNAVAILABLE_ICCID, subscriptionInfo.getCardString());

    }

    }





    @Test

    @Test
@@ -1066,6 +1067,7 @@ public class SubscriptionControllerTest extends TelephonyTest { 
                subId, mCallingPackage, mCallingFeature);

                subId, mCallingPackage, mCallingFeature);

        assertNotNull(subscriptionInfo);

        assertNotNull(subscriptionInfo);

        assertTrue(subscriptionInfo.getIccId().length() > 0);

        assertTrue(subscriptionInfo.getIccId().length() > 0);

        assertTrue(subscriptionInfo.getCardString().length() > 0);

    }

    }





    @Test

    @Test
@@ -1089,7 +1091,7 @@ public class SubscriptionControllerTest extends TelephonyTest { 
    public void testGetActiveSubscriptionInfoForSimSlotIndexWithReadPhoneState() throws Exception {

    public void testGetActiveSubscriptionInfoForSimSlotIndexWithReadPhoneState() throws Exception {

        // If the calling package only has the READ_PHONE_STATE permission then

        // If the calling package only has the READ_PHONE_STATE permission then

        // getActiveSubscriptionInfoForSimlSlotIndex should still return the SubscriptionInfo but

        // getActiveSubscriptionInfoForSimlSlotIndex should still return the SubscriptionInfo but

        // the ICC ID should not be available.

        // the ICC ID should not be available via getIccId or getCardString.

        testInsertSim();

        testInsertSim();

        mContextFixture.removeCallingOrSelfPermission(ContextFixture.PERMISSION_ENABLE_ALL);

        mContextFixture.removeCallingOrSelfPermission(ContextFixture.PERMISSION_ENABLE_ALL);

        mContextFixture.addCallingOrSelfPermission(Manifest.permission.READ_PHONE_STATE);

        mContextFixture.addCallingOrSelfPermission(Manifest.permission.READ_PHONE_STATE);
@@ -1100,6 +1102,7 @@ public class SubscriptionControllerTest extends TelephonyTest { 
                        mCallingPackage, mCallingFeature);

                        mCallingPackage, mCallingFeature);

        assertNotNull(subscriptionInfo);

        assertNotNull(subscriptionInfo);

        assertEquals(UNAVAILABLE_ICCID, subscriptionInfo.getIccId());

        assertEquals(UNAVAILABLE_ICCID, subscriptionInfo.getIccId());

        assertEquals(UNAVAILABLE_ICCID, subscriptionInfo.getCardString());

    }

    }





    @Test

    @Test
@@ -1114,6 +1117,7 @@ public class SubscriptionControllerTest extends TelephonyTest { 
                        mCallingPackage, mCallingFeature);

                        mCallingPackage, mCallingFeature);

        assertNotNull(subscriptionInfo);

        assertNotNull(subscriptionInfo);

        assertTrue(subscriptionInfo.getIccId().length() > 0);

        assertTrue(subscriptionInfo.getIccId().length() > 0);

        assertTrue(subscriptionInfo.getCardString().length() > 0);

    }

    }





    @Test

    @Test
@@ -1134,7 +1138,7 @@ public class SubscriptionControllerTest extends TelephonyTest { 
    public void testGetActiveSubscriptionInfoListWithReadPhoneState() throws Exception {

    public void testGetActiveSubscriptionInfoListWithReadPhoneState() throws Exception {

        // If the calling package only has the READ_PHONE_STATE permission then

        // If the calling package only has the READ_PHONE_STATE permission then

        // getActiveSubscriptionInfoList should still return the list of SubscriptionInfo objects

        // getActiveSubscriptionInfoList should still return the list of SubscriptionInfo objects

        // but the ICC ID should not be available.

        // but the ICC ID should not be available via getIccId or getCardString.

        testInsertSim();

        testInsertSim();

        mContextFixture.removeCallingOrSelfPermission(ContextFixture.PERMISSION_ENABLE_ALL);

        mContextFixture.removeCallingOrSelfPermission(ContextFixture.PERMISSION_ENABLE_ALL);

        mContextFixture.addCallingOrSelfPermission(Manifest.permission.READ_PHONE_STATE);

        mContextFixture.addCallingOrSelfPermission(Manifest.permission.READ_PHONE_STATE);
@@ -1146,6 +1150,7 @@ public class SubscriptionControllerTest extends TelephonyTest { 
        assertTrue(subInfoList.size() > 0);

        assertTrue(subInfoList.size() > 0);

        for (SubscriptionInfo info : subInfoList) {

        for (SubscriptionInfo info : subInfoList) {

            assertEquals(UNAVAILABLE_ICCID, info.getIccId());

            assertEquals(UNAVAILABLE_ICCID, info.getIccId());

            assertEquals(UNAVAILABLE_ICCID, info.getCardString());

        }

        }

    }

    }
@@ -1161,6 +1166,7 @@ public class SubscriptionControllerTest extends TelephonyTest { 
        assertTrue(subInfoList.size() > 0);

        assertTrue(subInfoList.size() > 0);

        for (SubscriptionInfo info : subInfoList) {

        for (SubscriptionInfo info : subInfoList) {

            assertTrue(info.getIccId().length() > 0);

            assertTrue(info.getIccId().length() > 0);

            assertTrue(info.getCardString().length() > 0);

        }

        }

    }

    }
@@ -1184,7 +1190,7 @@ public class SubscriptionControllerTest extends TelephonyTest { 
    public void testGetSubscriptionsInGroupWithReadPhoneState() throws Exception {

    public void testGetSubscriptionsInGroupWithReadPhoneState() throws Exception {

        // If the calling package only has the READ_PHONE_STATE permission then

        // If the calling package only has the READ_PHONE_STATE permission then

        // getSubscriptionsInGroup should still return the list of SubscriptionInfo objects

        // getSubscriptionsInGroup should still return the list of SubscriptionInfo objects

        // but the ICC ID should not be available.

        // but the ICC ID should not be available via getIccId or getCardString.

        ParcelUuid groupUuid = setupGetSubscriptionsInGroupTest();

        ParcelUuid groupUuid = setupGetSubscriptionsInGroupTest();

        mContextFixture.removeCallingOrSelfPermission(ContextFixture.PERMISSION_ENABLE_ALL);

        mContextFixture.removeCallingOrSelfPermission(ContextFixture.PERMISSION_ENABLE_ALL);

        mContextFixture.addCallingOrSelfPermission(Manifest.permission.READ_PHONE_STATE);

        mContextFixture.addCallingOrSelfPermission(Manifest.permission.READ_PHONE_STATE);
@@ -1195,6 +1201,7 @@ public class SubscriptionControllerTest extends TelephonyTest { 
        assertTrue(subInfoList.size() > 0);

        assertTrue(subInfoList.size() > 0);

        for (SubscriptionInfo info : subInfoList) {

        for (SubscriptionInfo info : subInfoList) {

            assertEquals(UNAVAILABLE_ICCID, info.getIccId());

            assertEquals(UNAVAILABLE_ICCID, info.getIccId());

            assertEquals(UNAVAILABLE_ICCID, info.getCardString());

        }

        }

    }

    }
@@ -1209,6 +1216,7 @@ public class SubscriptionControllerTest extends TelephonyTest { 
        assertTrue(subInfoList.size() > 0);

        assertTrue(subInfoList.size() > 0);

        for (SubscriptionInfo info : subInfoList) {

        for (SubscriptionInfo info : subInfoList) {

            assertTrue(info.getIccId().length() > 0);

            assertTrue(info.getIccId().length() > 0);

            assertTrue(info.getCardString().length() > 0);

        }

        }

    }

    }