From 3ec197b793abf611b1968d01b4ee9194e1ed6c02 Mon Sep 17 00:00:00 2001
From: Michael Groover
Date: Thu, 11 Oct 2018 19:55:09 -0700
Subject: Temporarily relax the privileged device identifier access check
Access to device identifiers was moved from a runtime permission to a privileged permission; this change broke some first party apps that query for these identifiers. This change introduces a flag in TelephonyPermissions that will allow the privileged check to be relaxed so that dummy data is returned (null for TelephonyManager methods and Build.UNKNOWN for Build#getSerial) regardless of target SDK instead of throwing a SecurityException to prevent app breakage. This flag will be changed back to the default false once all of the first party apps have the privileged permission granted or their own unique ID.
Bug: 117611604
Test: cts-tradefed run cts-dev -m CtsTelephony3TestCases
Change-Id: I294455e4c7e589def21d0c437ec1ef398bd44731
---
 .../internal/telephony/TelephonyPermissions.java | 57 ++++++++++++++--------
 1 file changed, 36 insertions(+), 21 deletions(-)
diff --git a/telephony/java/com/android/internal/telephony/TelephonyPermissions.java b/telephony/java/com/android/internal/telephony/TelephonyPermissions.java
index dac7e04be07a..9730ebc57fcf 100644
--- a/telephony/java/com/android/internal/telephony/TelephonyPermissions.java
+++ b/telephony/java/com/android/internal/telephony/TelephonyPermissions.java
@@ -32,6 +32,7 @@ import android.os.UserHandle;
 import android.telephony.Rlog;
 import android.telephony.SubscriptionManager;
 import android.telephony.TelephonyManager;
+import android.util.Log;
 import com.android.internal.annotations.VisibleForTesting;
@@ -43,6 +44,10 @@ public final class TelephonyPermissions {
 private static final boolean DBG = false;
+ // When set to true this flag will treat all apps that fail the device identifier check as
+ // though they are targeting pre-Q and return dummy data instead of throwing a SecurityException
+ private static final boolean RELAX_DEVICE_IDENTIFIER_CHECK = true;
+
 private static final Supplier TELEPHONY_SUPPLIER = () -> ITelephony.Stub.asInterface(ServiceManager.getService(Context.TELEPHONY_SERVICE));
@@ -275,31 +280,41 @@ public final class TelephonyPermissions {
 */
 private static boolean reportAccessDeniedToReadIdentifiers(Context context, int subId, int pid, int uid, String callingPackage, String message) {
- if (callingPackage != null) {
- try {
- // if the target SDK is pre-Q then check if the calling package would have
- // previously had access to device identifiers.
- ApplicationInfo callingPackageInfo = context.getPackageManager().getApplicationInfo(
- callingPackage, 0);
- if (callingPackageInfo != null
- && callingPackageInfo.targetSdkVersion < Build.VERSION_CODES.Q) {
- if (context.checkPermission(android.Manifest.permission.READ_PHONE_STATE, pid,
- uid) == PackageManager.PERMISSION_GRANTED) {
- return false;
- }
- if (SubscriptionManager.isValidSubscriptionId(subId)
- && getCarrierPrivilegeStatus(TELEPHONY_SUPPLIER, subId, uid)
- == TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS) {
- return false;
+ // if the device identifier check is relaxed then just return false to return dummy data to
+ // the caller instead of throwing a SecurityException for apps targeting Q+.
+ if (RELAX_DEVICE_IDENTIFIER_CHECK) {
+ Log.wtf(LOG_TAG,
+ "reportAccessDeniedToReadIdentifiers:" + callingPackage + ":" + message);
+ return false;
+ } else {
+ if (callingPackage != null) {
+ try {
+ // if the target SDK is pre-Q then check if the calling package would have
+ // previously had access to device identifiers.
+ ApplicationInfo callingPackageInfo =
+ context.getPackageManager().getApplicationInfo(
+ callingPackage, 0);
+ if (callingPackageInfo != null
+ && callingPackageInfo.targetSdkVersion < Build.VERSION_CODES.Q) {
+ if (context.checkPermission(android.Manifest.permission.READ_PHONE_STATE,
+ pid,
+ uid) == PackageManager.PERMISSION_GRANTED) {
+ return false;
+ }
+ if (SubscriptionManager.isValidSubscriptionId(subId)
+ && getCarrierPrivilegeStatus(TELEPHONY_SUPPLIER, subId, uid)
+ == TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS) {
+ return false;
+ }
 }
+ } catch (PackageManager.NameNotFoundException e) {
+ // If the application info for the calling package could not be found then
+ // default to throwing the SecurityException.
 }
- } catch (PackageManager.NameNotFoundException e) {
- // If the application info for the calling package could not be found then default
- // to throwing the SecurityException.
 }
+ throw new SecurityException(message + ": The user " + uid + " does not have the "
+ + "READ_PRIVILEGED_PHONE_STATE permission to access the device identifiers");
 }
- throw new SecurityException(message + ": The user " + uid + " does not have the "
- + "READ_PRIVILEGED_PHONE_STATE permission to access the device identifiers");
 }
 /**
-- 
cgit v1.2.3-59-g8ed1b
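Review bot: The relaxed branch at the top of reportAccessDeniedToReadIdentifiers returns false for every caller that reaches it, including pre-Q apps holding neither READ_PHONE_STATE nor carrier privileges, which the legacy path below (and the flag comment in the earlier hunk, "as though they are targeting pre-Q") would still reject with a SecurityException; the flag comment should say that plainly, e.g. `// While true, no caller is denied: even pre-Q apps without READ_PHONE_STATE receive dummy data instead of a SecurityException.` Log.wtf is also reached on every denied call, so any unprivileged caller can trigger it at will, and on configurations where wtf is treated as fatal that would terminate the process hosting this check (which process that is isn't visible here); a plain `Log.w(LOG_TAG, "reportAccessDeniedToReadIdentifiers:" + callingPackage + ":" + message);` carries the same diagnostic without that exposure. The `else` after the unconditional `return false;` is redundant and pushes the whole legacy body one indent level deeper, which accounts for most of this hunk; an early return would leave those lines untouched.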