diff options
| author | 2021-02-23 12:21:24 -0800 | |
|---|---|---|
| committer | 2021-04-01 16:55:50 -0700 | |
| commit | 172f15e5e1a6ed5eee312c078d24c94e03f03fdc (patch) | |
| tree | da919e6fef49e6dc51caba1a11bfd0ebb4f0f03e | |
| parent | e1e036661c5bf3b642e4ac0a4f20e2a38a14a7ae (diff) | |
Update carrier privilege check in enforceSubscriptionPlanAccess
Remove isEmbedded() check, since this can be called on both PSIM and
ESIM. Replace SM#canManageSubscription with TM#hasCarrierPrivileges,
since it is a superset of the checks done in SM#canManageSubscription
and applies to both PSIMs as well as ESIMS. Updated the documentation
for the two APIs to clarify the differences.
Test: atest CtsTelephonyTestCases (SubscriptionManagerTest)
Fix: 180451446
Change-Id: Icb4e2c619dacaea9e74cedea31865ec1eb689dce
4 files changed, 21 insertions, 11 deletions
diff --git a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java index ffa518e266d9..42bd8c512806 100644 --- a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java +++ b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java @@ -3067,23 +3067,19 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { // Verify they're not lying about package name mAppOps.checkPackage(callingUid, callingPackage); - final SubscriptionManager sm; - final SubscriptionInfo si; final PersistableBundle config; + final TelephonyManager tm; final long token = Binder.clearCallingIdentity(); try { - sm = mContext.getSystemService(SubscriptionManager.class); - si = sm.getActiveSubscriptionInfo(subId); config = mCarrierConfigManager.getConfigForSubId(subId); + tm = mContext.getSystemService(TelephonyManager.class); } finally { Binder.restoreCallingIdentity(token); } - // First check: is caller the CarrierService? - if (si != null) { - if (si.isEmbedded() && sm.canManageSubscription(si, callingPackage)) { - return; - } + // First check: does caller have carrier privilege? + if (tm != null && tm.hasCarrierPrivileges(subId)) { + return; } // Second check: has the CarrierService delegated access? diff --git a/telephony/java/android/telephony/SubscriptionInfo.java b/telephony/java/android/telephony/SubscriptionInfo.java index 11667c83bc6a..0ee6568b6430 100644 --- a/telephony/java/android/telephony/SubscriptionInfo.java +++ b/telephony/java/android/telephony/SubscriptionInfo.java @@ -148,13 +148,14 @@ public class SubscriptionInfo implements Parcelable { /** * The access rules for this subscription, if it is embedded and defines any. + * This does not include access rules for non-embedded subscriptions. */ @Nullable private UiccAccessRule[] mNativeAccessRules; /** * The carrier certificates for this subscription that are saved in carrier configs. - * The other carrier certificates are embedded on Uicc and stored as part of mNativeAccessRules. + * This does not include access rules from the Uicc, whether embedded or non-embedded. */ @Nullable private UiccAccessRule[] mCarrierConfigAccessRules; @@ -661,7 +662,6 @@ public class SubscriptionInfo implements Parcelable { * is authorized to manage this subscription. * TODO and fix it properly in R / master: either deprecate this and have 3 APIs * native + carrier + all, or have this return all by default. - * @throws UnsupportedOperationException if this subscription is not embedded. * @hide */ @SystemApi diff --git a/telephony/java/android/telephony/SubscriptionManager.java b/telephony/java/android/telephony/SubscriptionManager.java index e9ee06c246ba..c8ba919aa40d 100644 --- a/telephony/java/android/telephony/SubscriptionManager.java +++ b/telephony/java/android/telephony/SubscriptionManager.java @@ -2631,6 +2631,10 @@ public class SubscriptionManager { * Checks whether the app with the given context is authorized to manage the given subscription * according to its metadata. * + * Only supported for embedded subscriptions (if {@link SubscriptionInfo#isEmbedded} returns + * true). To check for permissions for non-embedded subscription as well, + * {@see android.telephony.TelephonyManager#hasCarrierPrivileges}. + * * @param info The subscription to check. * @return whether the app is authorized to manage this subscription per its metadata. */ @@ -2643,6 +2647,10 @@ public class SubscriptionManager { * be authorized if it is included in the {@link android.telephony.UiccAccessRule} of the * {@link android.telephony.SubscriptionInfo} with the access status. * + * Only supported for embedded subscriptions (if {@link SubscriptionInfo#isEmbedded} returns + * true). To check for permissions for non-embedded subscription as well, + * {@see android.telephony.TelephonyManager#hasCarrierPrivileges}. + * * @param info The subscription to check. * @param packageName Package name of the app to check. * @return whether the app is authorized to manage this subscription per its access rules. diff --git a/telephony/java/android/telephony/TelephonyManager.java b/telephony/java/android/telephony/TelephonyManager.java index 35e263036694..10c3e6db5205 100644 --- a/telephony/java/android/telephony/TelephonyManager.java +++ b/telephony/java/android/telephony/TelephonyManager.java @@ -8534,6 +8534,9 @@ public class TelephonyManager { * call will return true. This access is granted by the owner of the UICC * card and does not depend on the registered carrier. * + * Note that this API applies to both physical and embedded subscriptions and + * is a superset of the checks done in SubscriptionManager#canManageSubscription. + * * @return true if the app has carrier privileges. */ public boolean hasCarrierPrivileges() { @@ -8547,6 +8550,9 @@ public class TelephonyManager { * call will return true. This access is granted by the owner of the UICC * card and does not depend on the registered carrier. * + * Note that this API applies to both physical and embedded subscriptions and + * is a superset of the checks done in SubscriptionManager#canManageSubscription. + * * @param subId The subscription to use. * @return true if the app has carrier privileges. * @hide |