diff options
author | Hall Liu <hallliu@google.com> | 2019-12-16 11:30:53 -0800 |
---|---|---|
committer | Vasyl Gello <vasek.gello@gmail.com> | 2020-03-03 12:34:12 +0000 |
commit | 1c209faacc4f485fa90f2f08b54464328e6c0157 (patch) | |
tree | 63e8f4477edb7a6f2881b504b3c20579d3fef70a | |
parent | 069d70878ce7cf834fae3461d33967e277a2324a (diff) | |
download | android_packages_providers_TelephonyProvider-cm-14.1.tar.gz android_packages_providers_TelephonyProvider-cm-14.1.tar.bz2 android_packages_providers_TelephonyProvider-cm-14.1.zip |
DO NOT MERGE Check permissions for URL_SIMINFOcm-14.1
Check permissions if the query is attempting to access URL_SIMINFO,
since it contains sensitive IDs.
Test: atest android.provider.cts.TelephonyProviderTest
Bug: 140622024
Change-Id: Ibcf4cf01a965b5c91aebf65adc98110ba3be89f6
(cherry picked from commit caab85d9144e83165637098ba8cb3c99fcf5cae2)
-rw-r--r-- | src/com/android/providers/telephony/TelephonyProvider.java | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/src/com/android/providers/telephony/TelephonyProvider.java b/src/com/android/providers/telephony/TelephonyProvider.java index 37eb8cb..97250eb 100644 --- a/src/com/android/providers/telephony/TelephonyProvider.java +++ b/src/com/android/providers/telephony/TelephonyProvider.java @@ -1963,6 +1963,9 @@ public class TelephonyProvider extends ContentProvider // null returns all columns, so need permission check checkPermission(); } + } else { + // For the sim_info table, we only require READ_PHONE_STATE + checkReadSimInfoPermission(); } SQLiteDatabase db = mOpenHelper.getReadableDatabase(); @@ -2473,6 +2476,23 @@ public class TelephonyProvider extends ContentProvider throw new SecurityException("No permission to write APN settings"); } + private void checkReadSimInfoPermission() { + try { + // Even if the caller doesn't have READ_PHONE_STATE, we'll let them access sim_info as + // long as they have the more restrictive write_apn_settings or carrier priv. + checkPermission(); + return; + } catch (SecurityException e) { + int status = getContext().checkCallingOrSelfPermission( + "android.permission.READ_PHONE_STATE"); + if (status == PackageManager.PERMISSION_GRANTED) { + return; + } + EventLog.writeEvent(0x534e4554, "124107808", Binder.getCallingUid()); + throw new SecurityException("No READ_PHONE_STATE permission"); + } + } + private DatabaseHelper mOpenHelper; private void restoreDefaultAPN(int subId) { |