
Commit f323afdb authored by Shishir Agrawal's avatar Shishir Agrawal

SmsSenderCallback: Run the callback with the phone UID.

The SmsSenderCallback needs to run as the phone UID because of checks that
ensure only the messaging app or phone process can run that code.

Also modifies SmsUsageMonitor to allow phone process to make calls.

Bug: 19302541
Change-Id: Ic6b8141fbf15f42696e9b86d3c599ef2ec4ebd1c
parent 14458de5
+38 −7
@@ -35,8 +35,10 @@ import android.os.AsyncResult;
import android.os.Binder;
import android.os.Handler;
import android.os.Message;
import android.os.Process;
import android.os.RemoteException;
import android.os.SystemProperties;
import android.os.UserHandle;
import android.provider.Settings;
import android.provider.Telephony;
import android.provider.Telephony.Sms;
@@ -431,8 +433,14 @@ public abstract class SMSDispatcher extends Handler {
         */
        @Override
        public void onSendSmsComplete(int result, int messageRef) {
            checkCallerIsPhoneOrCarrierApp();
            final long identity = Binder.clearCallingIdentity();
            try {
                mSmsSender.disposeConnection(mContext);
                processSendSmsResponse(mSmsSender.mTracker, result, messageRef);
            } finally {
                Binder.restoreCallingIdentity(identity);
            }
        }

        @Override
@@ -558,6 +566,9 @@ public abstract class SMSDispatcher extends Handler {
                return;
            }

            checkCallerIsPhoneOrCarrierApp();
            final long identity = Binder.clearCallingIdentity();
            try {
                for (int i = 0; i < mSmsSender.mTrackers.length; i++) {
                    int messageRef = 0;
                    if (messageRefs != null && messageRefs.length > i) {
@@ -565,6 +576,9 @@ public abstract class SMSDispatcher extends Handler {
                    }
                    processSendSmsResponse(mSmsSender.mTrackers[i], result, messageRef);
                }
            } finally {
                Binder.restoreCallingIdentity(identity);
            }
        }

        @Override
@@ -1696,4 +1710,21 @@ public abstract class SMSDispatcher extends Handler {
    protected int getSubId() {
        return SubscriptionController.getInstance().getSubIdUsingPhoneId(mPhone.mPhoneId);
    }

    private void checkCallerIsPhoneOrCarrierApp() {
        int uid = Binder.getCallingUid();
        int appId = UserHandle.getAppId(uid);
        if (appId == Process.PHONE_UID || uid == 0) {
            return;
        }
        try {
            PackageManager pm = mContext.getPackageManager();
            ApplicationInfo ai = pm.getApplicationInfo(getCarrierAppPackageName(), 0);
            if (!UserHandle.isSameApp(ai.uid, Binder.getCallingUid())) {
                throw new SecurityException("Caller is not phone or carrier app!");
            }
        } catch (PackageManager.NameNotFoundException re) {
            throw new SecurityException("Caller is not phone or carrier app!");
        }
    }
}
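Review bot: checkCallerIsPhoneOrCarrierApp() is added without a comment, yet it is only correct when called before `Binder.clearCallingIdentity()`; once the identity is cleared, `Binder.getCallingUid()` reports the local process and the check would pass for any caller. Both new call sites in this section use the right order, so a Javadoc on the helper would protect that, e.g. `/** Throws SecurityException unless the binder caller is root, the phone process or the carrier app; must run before clearCallingIdentity(). */`. Inside the helper the second `Binder.getCallingUid()` can reuse the local: `if (!UserHandle.isSameApp(ai.uid, uid)) {`. In the second callback the check sits after an early `return` whose condition is outside the hunk, so that path is reached with no caller check; calling the helper as the first statement of the method would make the rule uniform.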
+4 −3
@@ -540,7 +540,7 @@ public class SmsUsageMonitor {
     * @throws SecurityException if the caller is not a system process
     */
    public int getPremiumSmsPermission(String packageName) {
        checkCallerIsSystemOrSameApp(packageName);
        checkCallerIsSystemOrPhoneOrSameApp(packageName);
        synchronized (mPremiumSmsPolicy) {
            Integer policy = mPremiumSmsPolicy.get(packageName);
            if (policy == null) {
@@ -578,9 +578,10 @@ public class SmsUsageMonitor {
        }).start();
    }

    private static void checkCallerIsSystemOrSameApp(String pkg) {
    private static void checkCallerIsSystemOrPhoneOrSameApp(String pkg) {
        int uid = Binder.getCallingUid();
        if (UserHandle.getAppId(uid) == Process.SYSTEM_UID || uid == 0) {
        int appId = UserHandle.getAppId(uid);
        if (appId == Process.SYSTEM_UID || appId == Process.PHONE_UID || uid == 0) {
            return;
        }
        try {
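Review bot: The Javadoc kept above getPremiumSmsPermission still says `@throws SecurityException if the caller is not a system process`, which no longer matches the check now that the phone UID is accepted alongside system and root. Something like `@throws SecurityException if the caller is not the system or phone process, root, or the package itself` would describe it; the same-app part is inferred from the helper's name, because its body continues past the end of the hunk. The rename also widens the check for every caller of the helper, and only getPremiumSmsPermission is visible here, so it is worth confirming that any other caller is meant to accept the phone UID as well.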