DO NOT MERGE Check permissions for URL_SIMINFOcm-14.1

Check permissions if the query is attempting to access URL_SIMINFO, since it contains sensitive IDs. Test: atest android.provider.cts.TelephonyProviderTest Bug: 140622024 Change-Id: Ibcf4cf01a965b5c91aebf65adc98110ba3be89f6 (cherry picked from commit caab85d9144e83165637098ba8cb3c99fcf5cae2)
author: Hall Liu <hallliu@google.com> 2019-12-16 11:30:53 -0800
committer: Vasyl Gello <vasek.gello@gmail.com> 2020-03-03 12:34:12 +0000
commit: 1c209faacc4f485fa90f2f08b54464328e6c0157 (patch)
tree: 63e8f4477edb7a6f2881b504b3c20579d3fef70a
parent: 069d70878ce7cf834fae3461d33967e277a2324a (diff)
download: android_packages_providers_TelephonyProvider-cm-14.1.tar.gz
android_packages_providers_TelephonyProvider-cm-14.1.tar.bz2
android_packages_providers_TelephonyProvider-cm-14.1.zip
1 files changed, 20 insertions, 0 deletions
diff --git a/src/com/android/providers/telephony/TelephonyProvider.java b/src/com/android/providers/telephony/TelephonyProvider.java
index 37eb8cb..97250eb 100644
--- a/src/com/android/providers/telephony/TelephonyProvider.java
+++ b/src/com/android/providers/telephony/TelephonyProvider.java
@@ -1963,6 +1963,9 @@ public class TelephonyProvider extends ContentProvider
                 // null returns all columns, so need permission check
                 checkPermission();
             }
+        } else {
+            // For the sim_info table, we only require READ_PHONE_STATE
+            checkReadSimInfoPermission();
         }
 
         SQLiteDatabase db = mOpenHelper.getReadableDatabase();
@@ -2473,6 +2476,23 @@ public class TelephonyProvider extends ContentProvider
         throw new SecurityException("No permission to write APN settings");
     }
 
+    private void checkReadSimInfoPermission() {
+        try {
+            // Even if the caller doesn't have READ_PHONE_STATE, we'll let them access sim_info as
+            // long as they have the more restrictive write_apn_settings or carrier priv.
+            checkPermission();
+            return;
+        } catch (SecurityException e) {
+            int status = getContext().checkCallingOrSelfPermission(
+                    "android.permission.READ_PHONE_STATE");
+            if (status == PackageManager.PERMISSION_GRANTED) {
+                return;
+            }
+            EventLog.writeEvent(0x534e4554, "124107808", Binder.getCallingUid());
+            throw new SecurityException("No READ_PHONE_STATE permission");
+        }
+    }
+
     private DatabaseHelper mOpenHelper;
 
     private void restoreDefaultAPN(int subId) {
author	Hall Liu <hallliu@google.com>	2019-12-16 11:30:53 -0800
committer	Vasyl Gello <vasek.gello@gmail.com>	2020-03-03 12:34:12 +0000
commit	1c209faacc4f485fa90f2f08b54464328e6c0157 (patch)
tree	63e8f4477edb7a6f2881b504b3c20579d3fef70a
parent	069d70878ce7cf834fae3461d33967e277a2324a (diff)
download	android_packages_providers_TelephonyProvider-cm-14.1.tar.gz android_packages_providers_TelephonyProvider-cm-14.1.tar.bz2 android_packages_providers_TelephonyProvider-cm-14.1.zip