diff options
author | Tom Taylor <tomtaylor@google.com> | 2015-07-10 11:00:44 -0700 |
---|---|---|
committer | Michael Bestas <mikeioannina@gmail.com> | 2015-11-09 23:19:10 +0200 |
commit | e54009e3db6e97fef6e131f3308e2e49288020f0 (patch) | |
tree | 5d733e64c7cf2c95a0492290f7d84c1c9842a4a2 /src/java/com/android/internal | |
parent | 2ae2c56c166f1a8569f6e49a850534788188b6b5 (diff) | |
download | android_frameworks_opt_telephony-e54009e3db6e97fef6e131f3308e2e49288020f0.tar.gz android_frameworks_opt_telephony-e54009e3db6e97fef6e131f3308e2e49288020f0.tar.bz2 android_frameworks_opt_telephony-e54009e3db6e97fef6e131f3308e2e49288020f0.zip |
Externally-reported Moderate severity vulnerability in SMS: Apps can bypass the SMS short code notification prompt
Bug 22314646
When android.permission.SEND_SMS_NO_CONFIRMATION was renamed to
android.permission.SEND_RESPOND_VIA_MESSAGE in JB-MR2, the necessary change
in SmsDispatcher was accidentally overlooked.
Change-Id: I58aef2d044b8a48b1b42311a471cb112e3a258e4
Diffstat (limited to 'src/java/com/android/internal')
-rw-r--r-- | src/java/com/android/internal/telephony/SMSDispatcher.java | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/java/com/android/internal/telephony/SMSDispatcher.java b/src/java/com/android/internal/telephony/SMSDispatcher.java index 70aa7e97c..51f26d50d 100644 --- a/src/java/com/android/internal/telephony/SMSDispatcher.java +++ b/src/java/com/android/internal/telephony/SMSDispatcher.java @@ -83,8 +83,8 @@ public abstract class SMSDispatcher extends Handler { private static final String SEND_NEXT_MSG_EXTRA = "SendNextMsg"; /** Permission required to send SMS to short codes without user confirmation. */ - private static final String SEND_SMS_NO_CONFIRMATION_PERMISSION = - "android.permission.SEND_SMS_NO_CONFIRMATION"; + private static final String SEND_RESPOND_VIA_MESSAGE_PERMISSION = + "android.permission.SEND_RESPOND_VIA_MESSAGE"; private static final int PREMIUM_RULE_USE_SIM = 1; private static final int PREMIUM_RULE_USE_NETWORK = 2; @@ -825,7 +825,7 @@ public abstract class SMSDispatcher extends Handler { return true; } - if (mContext.checkCallingOrSelfPermission(SEND_SMS_NO_CONFIRMATION_PERMISSION) + if (mContext.checkCallingOrSelfPermission(SEND_RESPOND_VIA_MESSAGE_PERMISSION) == PackageManager.PERMISSION_GRANTED) { return true; // app is pre-approved to send to short codes } else { |