Merge "Add DeviceConfig switch to disable new dev ID access restrictions"

2 files changed, 21 insertions, 3 deletions

diff --git a/core/java/android/provider/DeviceConfig.java b/core/java/android/provider/DeviceConfig.java
index daaa632a5cca..c217ab9fa038 100644
--- a/core/java/android/provider/DeviceConfig.java
+++ b/core/java/android/provider/DeviceConfig.java
@@ -239,6 +239,14 @@ public final class DeviceConfig {
          * Whether to show location access check notifications.
          */
         String PROPERTY_LOCATION_ACCESS_CHECK_ENABLED = "location_access_check_enabled";
+
+        /**
+         * Whether to disable the new device identifier access restrictions.
+         *
+         * @hide
+         */
+        String PROPERTY_DEVICE_IDENTIFIER_ACCESS_RESTRICTIONS_DISABLED =
+                "device_identifier_access_restrictions_disabled";
     }
 
     /**
diff --git a/telephony/java/com/android/internal/telephony/TelephonyPermissions.java b/telephony/java/com/android/internal/telephony/TelephonyPermissions.java
index c76d153c6112..091665f5a106 100644
--- a/telephony/java/com/android/internal/telephony/TelephonyPermissions.java
+++ b/telephony/java/com/android/internal/telephony/TelephonyPermissions.java
@@ -29,6 +29,7 @@ import android.os.Process;
 import android.os.RemoteException;
 import android.os.ServiceManager;
 import android.os.UserHandle;
+import android.provider.DeviceConfig;
 import android.provider.Settings;
 import android.telephony.Rlog;
 import android.telephony.SubscriptionManager;
@@ -319,9 +320,10 @@ public final class TelephonyPermissions {
         // The new Q restrictions for device identifier access will be enforced for all apps with
         // settings to individually disable the new restrictions for privileged, preloaded
         // non-privileged, and 3P apps.
-        if ((!is3PApp && !isNonPrivApp && !relaxPrivDeviceIdentifierCheck)
-                || (is3PApp && !relax3PDeviceIdentifierCheck)
-                || (isNonPrivApp && !relaxNonPrivDeviceIdentifierCheck)) {
+        if (!isIdentifierCheckDisabled() && (
+                (!is3PApp && !isNonPrivApp && !relaxPrivDeviceIdentifierCheck)
+                        || (is3PApp && !relax3PDeviceIdentifierCheck)
+                        || (isNonPrivApp && !relaxNonPrivDeviceIdentifierCheck))) {
             Log.wtf(LOG_TAG, "reportAccessDeniedToReadIdentifiers:" + callingPackage + ":" + message
                     + ":is3PApp=" + is3PApp + ":isNonPrivApp=" + isNonPrivApp);
             // if the target SDK is pre-Q then check if the calling package would have previously
@@ -348,6 +350,14 @@ public final class TelephonyPermissions {
     }
 
     /**
+     * Returns true if the new device identifier access restrictions are disabled.
+     */
+    private static boolean isIdentifierCheckDisabled() {
+        return Boolean.parseBoolean(DeviceConfig.getProperty(DeviceConfig.Privacy.NAMESPACE,
+                DeviceConfig.Privacy.PROPERTY_DEVICE_IDENTIFIER_ACCESS_RESTRICTIONS_DISABLED));
+    }
+
+    /**
      * Check whether the app with the given pid/uid can read the call log.
      * @return {@code true} if the specified app has the read call log permission and AppOpp granted
      *      to it, {@code false} otherwise.