LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Security fix: enforce read privilege permission to check package

Browse Source 
privileges in TelephonyManager

Bug: 180938364
Test: cts
Change-Id: I08c346c46b9e87dceaa1faf35fa36b954d88f9b0
This commit is contained in:
Nazanin
2021-04-15 14:18:15 -07:00
parent 3f9c12565c
commit 6468b0d17e
1 changed files with 11 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
services/core/java/com/android/server/net/NetworkStatsAccess.java
View File

@@ -27,6 +27,7 @@ import android.app.AppOpsManager;
import android.app.admin.DevicePolicyManagerInternal;
import android.content.Context;
import android.content.pm.PackageManager;
import android.os.Binder;
import android.os.Process;
import android.os.UserHandle;
import android.telephony.TelephonyManager;
@@ -108,9 +109,16 @@ public final class NetworkStatsAccess {
DevicePolicyManagerInternal.class);
final TelephonyManager tm = (TelephonyManager)
context.getSystemService(Context.TELEPHONY_SERVICE);
boolean hasCarrierPrivileges = tm != null &&
tm.checkCarrierPrivilegesForPackageAnyPhone(callingPackage) ==
TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS;
boolean hasCarrierPrivileges;
final long token = Binder.clearCallingIdentity();
try {
hasCarrierPrivileges = tm != null
&& tm.checkCarrierPrivilegesForPackageAnyPhone(callingPackage)
== TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS;
} finally {
Binder.restoreCallingIdentity(token);
}
final boolean isDeviceOwner = dpmi != null && dpmi.isActiveDeviceOwner(callingUid);
final int appId = UserHandle.getAppId(callingUid);
if (hasCarrierPrivileges || isDeviceOwner