Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f6bb9b20 authored by Chen Xu's avatar Chen Xu
Browse files

filter deviceIdentifiers for subscriptionInfo if callers without perm 

Fix a security issue that app can read iccId of sim card(s) without
requiring READ_PRIVILEGED_PHONE_STATE permission when calling hidden API SubscriptionManager.getAllActiveSubscriptionInfoList. Apply
deviceIdentifier filter to remove those info if the caller does not have proper permissions.

Bug: 183612370
Test: Manual
Change-Id: If7d243c40d187008f8cb314b162228cbad1702a4
parent 6b9de83d

src/java/com/android/internal/telephony/SubscriptionController.java

+4 −0
Original line number Original line Diff line number Diff line
@@ -920,6 +920,10 @@ public class SubscriptionController extends ISub.Stub { 
            subList = getSubInfo(null, null);

            subList = getSubInfo(null, null);

            if (subList != null) {

            if (subList != null) {

                if (VDBG) logd("[getAllSubInfoList]- " + subList.size() + " infos return");

                if (VDBG) logd("[getAllSubInfoList]- " + subList.size() + " infos return");

                subList.stream().map(

                        subscriptionInfo -> conditionallyRemoveIdentifiers(subscriptionInfo,

                                callingPackage, callingFeatureId, "getAllSubInfoList"))

                        .collect(Collectors.toList());

            } else {

            } else {

                if (VDBG) logd("[getAllSubInfoList]- no info return");

                if (VDBG) logd("[getAllSubInfoList]- no info return");

            }

            }