Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6a29f501 authored by Michael Groover's avatar Michael Groover
Browse files

Apply new device ID access requirements to getNai 

This change enforces the new device identifier access restrictions
for TelephonyManager#getNai.

Bug: 117781266
Bug: 131188555
Test: atest PhoneSubInfoControllerTest
Change-Id: I0f6d17049ccccd3d82f6f49ba2302c013a80f1ae
Merged-in: I0f6d17049ccccd3d82f6f49ba2302c013a80f1ae
parent 7c582b5d

src/java/com/android/internal/telephony/PhoneSubInfoController.java

+2 −2
Original line number Diff line number Diff line
@@ -65,8 +65,8 @@ public class PhoneSubInfoController extends IPhoneSubInfo.Stub { 
    }



    public String getNaiForSubscriber(int subId, String callingPackage) {

        return callPhoneMethodForSubIdWithReadCheck(subId, callingPackage, "getNai",

                (phone)-> phone.getNai());

        return callPhoneMethodForSubIdWithReadSubscriberIdentifiersCheck(subId, callingPackage,

                "getNai", (phone)-> phone.getNai());

    }



    public String getImeiForSubscriber(int subId, String callingPackage) {

tests/telephonytests/src/com/android/internal/telephony/PhoneSubInfoControllerTest.java

+33 −4
Original line number Diff line number Diff line
@@ -175,6 +175,9 @@ public class PhoneSubInfoControllerTest extends TelephonyTest { 
    @Test

    @SmallTest

    public void testGetNaiWithOutPermission() {

        // The READ_PRIVILEGED_PHONE_STATE permission, carrier privileges, or passing a device /

        // profile owner access check is required to access subscriber identifiers. Since none of

        // those are true for this test each case will result in a SecurityException being thrown.

        doReturn("aaa@example.com").when(mPhone).getNai();

        doReturn("bbb@example.com").when(mSecondPhone).getNai();
@@ -200,15 +203,41 @@ public class PhoneSubInfoControllerTest extends TelephonyTest { 
        mContextFixture.addCallingOrSelfPermission(READ_PHONE_STATE);

        doReturn(AppOpsManager.MODE_ERRORED).when(mAppOsMgr).noteOp(

                eq(AppOpsManager.OPSTR_READ_PHONE_STATE), anyInt(), eq(TAG));

        assertNull(mPhoneSubInfoControllerUT.getNaiForSubscriber(0, TAG));

        assertNull(mPhoneSubInfoControllerUT.getNaiForSubscriber(1, TAG));

        try {

            mPhoneSubInfoControllerUT.getNaiForSubscriber(0, TAG);

            Assert.fail("expected Security Exception Thrown");

        } catch (Exception ex) {

            assertTrue(ex instanceof SecurityException);

            assertTrue(ex.getMessage().contains("getNai"));

        }



        try {

            mPhoneSubInfoControllerUT.getNaiForSubscriber(1, TAG);

            Assert.fail("expected Security Exception Thrown");

        } catch (Exception ex) {

            assertTrue(ex instanceof SecurityException);

            assertTrue(ex.getMessage().contains("getNai"));

        }



        //case 3: no READ_PRIVILEGED_PHONE_STATE

        mContextFixture.addCallingOrSelfPermission(READ_PHONE_STATE);

        doReturn(AppOpsManager.MODE_ALLOWED).when(mAppOsMgr).noteOp(

                eq(AppOpsManager.OPSTR_READ_PHONE_STATE), anyInt(), eq(TAG));

        assertEquals("aaa@example.com", mPhoneSubInfoControllerUT.getNaiForSubscriber(0, TAG));

        assertEquals("bbb@example.com", mPhoneSubInfoControllerUT.getNaiForSubscriber(1, TAG));

        try {

            mPhoneSubInfoControllerUT.getNaiForSubscriber(0, TAG);

            Assert.fail("expected Security Exception Thrown");

        } catch (Exception ex) {

            assertTrue(ex instanceof SecurityException);

            assertTrue(ex.getMessage().contains("getNai"));

        }



        try {

            mPhoneSubInfoControllerUT.getNaiForSubscriber(1, TAG);

            Assert.fail("expected Security Exception Thrown");

        } catch (Exception ex) {

            assertTrue(ex instanceof SecurityException);

            assertTrue(ex.getMessage().contains("getNai"));

        }

    }



    @Test