Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit db51ae56 authored by SongFerngWang's avatar SongFerngWang Committed by Android Build Coastguard Worker
Browse files

[security] SubscriptionGroup is exposed to unprivileged callers 

SubscriptionInfo.mGroupUUID is not cleared in
conditionallyRemoveIdentifiers if the caller only has READ_PHONE_STATE
(based on a check to checkReadPhoneState) and not READ_DEVICE_IDENTIFIERS.
Bug: 181053462
Test: atest SubscriptionManagerTest

Change-Id: I68d1edb4e7cc2ad6696363ea1dacb09e839a651e
Merged-In: I68d1edb4e7cc2ad6696363ea1dacb09e839a651e
(cherry picked from commit 1399361f)
parent fa47477d

src/java/com/android/internal/telephony/SubscriptionController.java

+1 −0
Original line number Original line Diff line number Diff line
@@ -4011,6 +4011,7 @@ public class SubscriptionController extends ISub.Stub { 
        if (!hasIdentifierAccess) {

        if (!hasIdentifierAccess) {

            result.clearIccId();

            result.clearIccId();

            result.clearCardString();

            result.clearCardString();

            result.clearGroupUuid();

        }

        }

        if (!hasPhoneNumberAccess) {

        if (!hasPhoneNumberAccess) {

            result.clearNumber();

            result.clearNumber();