Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4b633a38 authored by Tom Taylor's avatar Tom Taylor Committed by Android (Google) Code Review
Browse files

Merge "Externally-reported Moderate severity vulnerability in SMS: Apps can... 

Merge "Externally-reported Moderate severity vulnerability in SMS: Apps can bypass the SMS short code notification prompt" into mnc-dev
parents f4059ccd ce058be9

src/java/com/android/internal/telephony/SMSDispatcher.java

+3 −3
Original line number Diff line number Diff line
@@ -89,8 +89,8 @@ public abstract class SMSDispatcher extends Handler { 
    private static final String SEND_NEXT_MSG_EXTRA = "SendNextMsg";



    /** Permission required to send SMS to short codes without user confirmation. */

    private static final String SEND_SMS_NO_CONFIRMATION_PERMISSION =

            "android.permission.SEND_SMS_NO_CONFIRMATION";

    private static final String SEND_RESPOND_VIA_MESSAGE_PERMISSION =

            "android.permission.SEND_RESPOND_VIA_MESSAGE";



    private static final int PREMIUM_RULE_USE_SIM = 1;

    private static final int PREMIUM_RULE_USE_NETWORK = 2;
@@ -1006,7 +1006,7 @@ public abstract class SMSDispatcher extends Handler { 
     * @return true if the destination is approved; false if user confirmation event was sent

     */

    boolean checkDestination(SmsTracker tracker) {

        if (mContext.checkCallingOrSelfPermission(SEND_SMS_NO_CONFIRMATION_PERMISSION)

        if (mContext.checkCallingOrSelfPermission(SEND_RESPOND_VIA_MESSAGE_PERMISSION)

                == PackageManager.PERMISSION_GRANTED) {

            return true;            // app is pre-approved to send to short codes

        } else {