Loading src/java/com/android/internal/telephony/PhoneSubInfoController.java +17 −8 Original line number Diff line number Diff line Loading @@ -264,6 +264,17 @@ public class PhoneSubInfoController extends IPhoneSubInfo.Stub { return PhoneFactory.getPhone(phoneId); } private boolean enforceIccSimChallengeResponsePermission(Context context, int subId, String callingPackage, String callingFeatureId, String message) { if (TelephonyPermissions.checkCallingOrSelfUseIccAuthWithDeviceIdentifier(context, callingPackage, callingFeatureId, message)) { return true; } if (VDBG) log("No USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER permission."); enforcePrivilegedPermissionOrCarrierPrivilege(subId, message); return true; } /** * Make sure caller has either read privileged phone permission or carrier privilege. * Loading Loading @@ -370,8 +381,9 @@ public class PhoneSubInfoController extends IPhoneSubInfo.Stub { }); } public String getIccSimChallengeResponse(int subId, int appType, int authType, String data) throws RemoteException { @Override public String getIccSimChallengeResponse(int subId, int appType, int authType, String data, String callingPackage, String callingFeatureId) throws RemoteException { CallPhoneMethodHelper<String> toExecute = (phone)-> { UiccCard uiccCard = phone.getUiccCard(); if (uiccCard == null) { Loading @@ -396,12 +408,9 @@ public class PhoneSubInfoController extends IPhoneSubInfo.Stub { return uiccApp.getIccRecords().getIccSimChallengeResponse(authType, data); }; return callPhoneMethodWithPermissionCheck(subId, null, null, "getIccSimChallengeResponse", toExecute, (aContext, aSubId, aCallingPackage, aCallingFeatureId, aMessage) -> { enforcePrivilegedPermissionOrCarrierPrivilege(aSubId, aMessage); return true; }); return callPhoneMethodWithPermissionCheck(subId, callingPackage, callingFeatureId, "getIccSimChallengeResponse", toExecute, this::enforceIccSimChallengeResponsePermission); } public String getGroupIdLevel1ForSubscriber(int subId, String callingPackage, Loading tests/telephonytests/src/com/android/internal/telephony/TelephonyTest.java +9 −1 Original line number Diff line number Diff line Loading @@ -822,12 +822,20 @@ public abstract class TelephonyTest { // TelephonyPermissions uses a SystemAPI to check if the calling package meets any of the // generic requirements for device identifier access (currently READ_PRIVILEGED_PHONE_STATE, // appop, and device / profile owner checks. This sets up the PermissionManager to return // appop, and device / profile owner checks). This sets up the PermissionManager to return // that access requirements are met. setIdentifierAccess(true); PermissionManager permissionManager = new PermissionManager(mContext, null, mMockPermissionManager); doReturn(permissionManager).when(mContext).getSystemService(eq(Context.PERMISSION_SERVICE)); // Also make sure all appop checks fails, to not interfere tests. Tests should explicitly // mock AppOpManager to return allowed/default mode. Note by default a mock returns 0 which // is MODE_ALLOWED, hence this setup is necessary. doReturn(AppOpsManager.MODE_IGNORED).when(mAppOpsManager).noteOpNoThrow( /* op= */ anyString(), /* uid= */ anyInt(), /* packageName= */ nullable(String.class), /* attributionTag= */ nullable(String.class), /* message= */ nullable(String.class)); // TelephonyPermissions queries DeviceConfig to determine if the identifier access // restrictions should be enabled; this results in a NPE when DeviceConfig uses Loading Loading
src/java/com/android/internal/telephony/PhoneSubInfoController.java +17 −8 Original line number Diff line number Diff line Loading @@ -264,6 +264,17 @@ public class PhoneSubInfoController extends IPhoneSubInfo.Stub { return PhoneFactory.getPhone(phoneId); } private boolean enforceIccSimChallengeResponsePermission(Context context, int subId, String callingPackage, String callingFeatureId, String message) { if (TelephonyPermissions.checkCallingOrSelfUseIccAuthWithDeviceIdentifier(context, callingPackage, callingFeatureId, message)) { return true; } if (VDBG) log("No USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER permission."); enforcePrivilegedPermissionOrCarrierPrivilege(subId, message); return true; } /** * Make sure caller has either read privileged phone permission or carrier privilege. * Loading Loading @@ -370,8 +381,9 @@ public class PhoneSubInfoController extends IPhoneSubInfo.Stub { }); } public String getIccSimChallengeResponse(int subId, int appType, int authType, String data) throws RemoteException { @Override public String getIccSimChallengeResponse(int subId, int appType, int authType, String data, String callingPackage, String callingFeatureId) throws RemoteException { CallPhoneMethodHelper<String> toExecute = (phone)-> { UiccCard uiccCard = phone.getUiccCard(); if (uiccCard == null) { Loading @@ -396,12 +408,9 @@ public class PhoneSubInfoController extends IPhoneSubInfo.Stub { return uiccApp.getIccRecords().getIccSimChallengeResponse(authType, data); }; return callPhoneMethodWithPermissionCheck(subId, null, null, "getIccSimChallengeResponse", toExecute, (aContext, aSubId, aCallingPackage, aCallingFeatureId, aMessage) -> { enforcePrivilegedPermissionOrCarrierPrivilege(aSubId, aMessage); return true; }); return callPhoneMethodWithPermissionCheck(subId, callingPackage, callingFeatureId, "getIccSimChallengeResponse", toExecute, this::enforceIccSimChallengeResponsePermission); } public String getGroupIdLevel1ForSubscriber(int subId, String callingPackage, Loading
tests/telephonytests/src/com/android/internal/telephony/TelephonyTest.java +9 −1 Original line number Diff line number Diff line Loading @@ -822,12 +822,20 @@ public abstract class TelephonyTest { // TelephonyPermissions uses a SystemAPI to check if the calling package meets any of the // generic requirements for device identifier access (currently READ_PRIVILEGED_PHONE_STATE, // appop, and device / profile owner checks. This sets up the PermissionManager to return // appop, and device / profile owner checks). This sets up the PermissionManager to return // that access requirements are met. setIdentifierAccess(true); PermissionManager permissionManager = new PermissionManager(mContext, null, mMockPermissionManager); doReturn(permissionManager).when(mContext).getSystemService(eq(Context.PERMISSION_SERVICE)); // Also make sure all appop checks fails, to not interfere tests. Tests should explicitly // mock AppOpManager to return allowed/default mode. Note by default a mock returns 0 which // is MODE_ALLOWED, hence this setup is necessary. doReturn(AppOpsManager.MODE_IGNORED).when(mAppOpsManager).noteOpNoThrow( /* op= */ anyString(), /* uid= */ anyInt(), /* packageName= */ nullable(String.class), /* attributionTag= */ nullable(String.class), /* message= */ nullable(String.class)); // TelephonyPermissions queries DeviceConfig to determine if the identifier access // restrictions should be enabled; this results in a NPE when DeviceConfig uses Loading
