Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7264df38 authored by SongFerngWang's avatar SongFerngWang Committed by SongFerng Wang
Browse files

[security] SubscriptionGroup is exposed to unprivileged callers 

SubscriptionInfo.mGroupUUID is not cleared in
conditionallyRemoveIdentifiers if the caller only has READ_PHONE_STATE
(based on a check to checkReadPhoneState) and not READ_DEVICE_IDENTIFIERS.
Bug: 181053462
Test: atest SubscriptionManagerTest

Change-Id: I68d1edb4e7cc2ad6696363ea1dacb09e839a651e
Merged-In: I68d1edb4e7cc2ad6696363ea1dacb09e839a651e
parent 93d5117c

src/java/com/android/internal/telephony/SubscriptionController.java

+1 −0
Original line number Original line Diff line number Diff line
@@ -3638,6 +3638,7 @@ public class SubscriptionController extends ISub.Stub { 
        if (!hasIdentifierAccess) {

        if (!hasIdentifierAccess) {

            result.clearIccId();

            result.clearIccId();

            result.clearCardString();

            result.clearCardString();

            result.clearGroupUuid();

        }

        }

        return result;

        return result;

    }

    }