
Commit 536485ef authored by Meng Wang's avatar Meng Wang

Add permission USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER

Apps with the permission can use TelephonyManager.getIccAuthentication.

Bug: 174263375
Test: `atest android.telephony.cts.TelephonyManagerTest#testTelephonyManager` pass on crosshatch
Change-Id: I8a1e96022d0f0908877c7d8a5ac4df978942e130
parent 5eccbce3
+17 −8
@@ -264,6 +264,17 @@ public class PhoneSubInfoController extends IPhoneSubInfo.Stub {
        return PhoneFactory.getPhone(phoneId);
    }

    private boolean enforceIccSimChallengeResponsePermission(Context context, int subId,
            String callingPackage, String callingFeatureId, String message) {
        if (TelephonyPermissions.checkCallingOrSelfUseIccAuthWithDeviceIdentifier(context,
                callingPackage, callingFeatureId, message)) {
            return true;
        }
        if (VDBG) log("No USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER permission.");
        enforcePrivilegedPermissionOrCarrierPrivilege(subId, message);
        return true;
    }

    /**
     * Make sure caller has either read privileged phone permission or carrier privilege.
     *
@@ -370,8 +381,9 @@ public class PhoneSubInfoController extends IPhoneSubInfo.Stub {
                });
    }

    public String getIccSimChallengeResponse(int subId, int appType, int authType, String data)
            throws RemoteException {
    @Override
    public String getIccSimChallengeResponse(int subId, int appType, int authType, String data,
            String callingPackage, String callingFeatureId) throws RemoteException {
        CallPhoneMethodHelper<String> toExecute = (phone)-> {
            UiccCard uiccCard = phone.getUiccCard();
            if (uiccCard == null) {
@@ -396,12 +408,9 @@ public class PhoneSubInfoController extends IPhoneSubInfo.Stub {
            return uiccApp.getIccRecords().getIccSimChallengeResponse(authType, data);
        };

        return callPhoneMethodWithPermissionCheck(subId, null, null, "getIccSimChallengeResponse",
                toExecute,
                (aContext, aSubId, aCallingPackage, aCallingFeatureId, aMessage) -> {
                    enforcePrivilegedPermissionOrCarrierPrivilege(aSubId, aMessage);
                    return true;
                });
        return callPhoneMethodWithPermissionCheck(subId, callingPackage, callingFeatureId,
                "getIccSimChallengeResponse", toExecute,
                this::enforceIccSimChallengeResponsePermission);
    }

    public String getGroupIdLevel1ForSubscriber(int subId, String callingPackage,
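Review bot: `enforceIccSimChallengeResponsePermission` (first hunk) has no Javadoc, and its contract is easy to misread: both paths return `true` and nothing returns `false`, so a denial is signalled only by whatever `enforcePrivilegedPermissionOrCarrierPrivilege` throws. I would add a short Javadoc saying so, e.g. `/** Returns true if the caller is allowed USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER; otherwise defers to the privileged-permission/carrier-privilege check, which throws on failure. Never returns false. */`. Separately, `getIccSimChallengeResponse` now forwards a caller-supplied `callingPackage` and `callingFeatureId` into the permission decision where the old code passed `null, null`. `TelephonyPermissions.checkCallingOrSelfUseIccAuthWithDeviceIdentifier` is not shown on this page, so it is worth confirming that it binds the package name to the Binder calling UID rather than trusting the string. The body of `getIccSimChallengeResponse` and its lambda continue outside the visible hunks.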
+9 −1
@@ -822,12 +822,20 @@ public abstract class TelephonyTest {

        // TelephonyPermissions uses a SystemAPI to check if the calling package meets any of the
        // generic requirements for device identifier access (currently READ_PRIVILEGED_PHONE_STATE,
        // appop, and device / profile owner checks. This sets up the PermissionManager to return
        // appop, and device / profile owner checks). This sets up the PermissionManager to return
        // that access requirements are met.
        setIdentifierAccess(true);
        PermissionManager permissionManager = new PermissionManager(mContext, null,
                mMockPermissionManager);
        doReturn(permissionManager).when(mContext).getSystemService(eq(Context.PERMISSION_SERVICE));
        // Also make sure all appop checks fails, to not interfere tests. Tests should explicitly
        // mock AppOpManager to return allowed/default mode. Note by default a mock returns 0 which
        // is MODE_ALLOWED, hence this setup is necessary.
        doReturn(AppOpsManager.MODE_IGNORED).when(mAppOpsManager).noteOpNoThrow(
                /* op= */ anyString(), /* uid= */ anyInt(),
                /* packageName= */ nullable(String.class),
                /* attributionTag= */ nullable(String.class),
                /* message= */ nullable(String.class));

        // TelephonyPermissions queries DeviceConfig to determine if the identifier access
        // restrictions should be enabled; this results in a NPE when DeviceConfig uses
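Review bot: The added comment says all appop checks are made to fail, but the stub covers only the five-argument `noteOpNoThrow(String, int, String, String, String)` overload on `mAppOpsManager`. Any other `AppOpsManager` call that a permission path reaches (another `noteOp*` overload, or a `checkOp*` variant) would still return the mock default of 0, which the comment itself identifies as `MODE_ALLOWED`. A test that expects a caller to be denied could then pass or fail for the wrong reason. Either narrow the comment to what is stubbed, e.g. `// Make noteOpNoThrow(op, uid, pkg, tag, msg) return MODE_IGNORED by default; other AppOpsManager methods keep the mock default.`, or stub the other overloads that the code under test uses. The enclosing setup method starts and ends outside this hunk.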