diff options
author | Tom Taylor <tomtaylor@google.com> | 2015-07-10 11:21:34 -0700 |
---|---|---|
committer | The Android Automerger <android-build@google.com> | 2015-08-14 12:03:54 -0700 |
commit | a5c50240c5de47ed9d34c63625e541fe01a090df (patch) | |
tree | 986c7de956384dfcbd2abe312acfd73441da0ccd | |
parent | e5cb1de322f67f5c765147e645d6fc419ac831c2 (diff) | |
download | android_frameworks_opt_telephony-a5c50240c5de47ed9d34c63625e541fe01a090df.tar.gz android_frameworks_opt_telephony-a5c50240c5de47ed9d34c63625e541fe01a090df.tar.bz2 android_frameworks_opt_telephony-a5c50240c5de47ed9d34c63625e541fe01a090df.zip |
Externally-reported Moderate severity vulnerability in SMS: Apps can bypass the SMS short code notification prompt
Bug 22314646
DO NOT MERGE
When android.permission.SEND_SMS_NO_CONFIRMATION was renamed to
android.permission.SEND_RESPOND_VIA_MESSAGE in JB-MR2, the necessary change
in SmsDispatcher was accidentally overlooked.
Change-Id: I2c3aa79da8064e55cec5a786696de519c2bf0b07
-rw-r--r-- | src/java/com/android/internal/telephony/SMSDispatcher.java | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/java/com/android/internal/telephony/SMSDispatcher.java b/src/java/com/android/internal/telephony/SMSDispatcher.java index 098ed46ad..a12c3fddb 100644 --- a/src/java/com/android/internal/telephony/SMSDispatcher.java +++ b/src/java/com/android/internal/telephony/SMSDispatcher.java @@ -88,8 +88,8 @@ public abstract class SMSDispatcher extends Handler { private static final String SEND_NEXT_MSG_EXTRA = "SendNextMsg"; /** Permission required to send SMS to short codes without user confirmation. */ - private static final String SEND_SMS_NO_CONFIRMATION_PERMISSION = - "android.permission.SEND_SMS_NO_CONFIRMATION"; + private static final String SEND_RESPOND_VIA_MESSAGE_PERMISSION = + "android.permission.SEND_RESPOND_VIA_MESSAGE"; private static final int PREMIUM_RULE_USE_SIM = 1; private static final int PREMIUM_RULE_USE_NETWORK = 2; @@ -995,7 +995,7 @@ public abstract class SMSDispatcher extends Handler { * @return true if the destination is approved; false if user confirmation event was sent */ boolean checkDestination(SmsTracker tracker) { - if (mContext.checkCallingOrSelfPermission(SEND_SMS_NO_CONFIRMATION_PERMISSION) + if (mContext.checkCallingOrSelfPermission(SEND_RESPOND_VIA_MESSAGE_PERMISSION) == PackageManager.PERMISSION_GRANTED) { return true; // app is pre-approved to send to short codes } else { |