Security fix: enforce read privilege permission to check package

privileges in TelephonyManager

Bug: 180938364
Test: cts
Change-Id: I08c346c46b9e87dceaa1faf35fa36b954d88f9b0
Nazanin
2021-04-15 14:18:15 -07:00
parent 3f9c12565c
commit 6468b0d17e


@@ -27,6 +27,7 @@ import android.app.AppOpsManager;
import android.app.admin.DevicePolicyManagerInternal; import android.app.admin.DevicePolicyManagerInternal;
import android.content.Context; import android.content.Context;
import android.content.pm.PackageManager; import android.content.pm.PackageManager;
import android.os.Binder;
import android.os.Process; import android.os.Process;
import android.os.UserHandle; import android.os.UserHandle;
import android.telephony.TelephonyManager; import android.telephony.TelephonyManager;
@@ -108,9 +109,16 @@ public final class NetworkStatsAccess {
DevicePolicyManagerInternal.class); DevicePolicyManagerInternal.class);
final TelephonyManager tm = (TelephonyManager) final TelephonyManager tm = (TelephonyManager)
context.getSystemService(Context.TELEPHONY_SERVICE); context.getSystemService(Context.TELEPHONY_SERVICE);
boolean hasCarrierPrivileges = tm != null && boolean hasCarrierPrivileges;
tm.checkCarrierPrivilegesForPackageAnyPhone(callingPackage) == final long token = Binder.clearCallingIdentity();
TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS; try {
hasCarrierPrivileges = tm != null
&& tm.checkCarrierPrivilegesForPackageAnyPhone(callingPackage)
== TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS;
} finally {
Binder.restoreCallingIdentity(token);
}
final boolean isDeviceOwner = dpmi != null && dpmi.isActiveDeviceOwner(callingUid); final boolean isDeviceOwner = dpmi != null && dpmi.isActiveDeviceOwner(callingUid);
final int appId = UserHandle.getAppId(callingUid); final int appId = UserHandle.getAppId(callingUid);
if (hasCarrierPrivileges || isDeviceOwner if (hasCarrierPrivileges || isDeviceOwner
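Review bot: Once the calling identity is cleared around `tm.checkCarrierPrivilegesForPackageAnyPhone(callingPackage)`, telephony sees the system as the caller, so the result rests entirely on the `callingPackage` string, and nothing visible in this hunk ties that string to `callingUid`. If the callers of this method do not already verify that binding, it should be checked before the lookup, for example with `context.getSystemService(AppOpsManager.class).checkPackage(callingUid, callingPackage);` (AppOpsManager is already imported by this file). The cleared-identity block would also benefit from a why-comment, such as `// Run the lookup as the system: the carrier-privilege check is permission-gated and the calling app is not expected to hold that permission.` The enclosing method starts before the hunk and the `if` on the last line continues past it, so the caller-side validation may exist outside what is shown.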