From 7e99d126699fe92f6898c3f4e386564918b496db Mon Sep 17 00:00:00 2001
From: Kris Alder <kalder@google.com>
Date: Wed, 27 Nov 2024 10:13:50 -0800
Subject: iterate over all SIMs/subscriptions and disable 2G

We need to disable 2G on all SIM cards, not just the first one.

This also checks if any of the subscriptions support cellular data to
decide if the feature is available or not.

Bug: 381265069
Test: enabled 2G, toggled APM, verified 2G is disabled in UI
Flag: android.security.aapm_feature_disable_cellular_2g
Change-Id: I4b650bdf6da904bdb59ebb4f3402140c3d1e7e43
---
 .../DisallowCellular2GAdvancedProtectionHook.java  | 57 ++++++++++++++++++----
 1 file changed, 48 insertions(+), 9 deletions(-)

diff --git a/services/core/java/com/android/server/security/advancedprotection/features/DisallowCellular2GAdvancedProtectionHook.java b/services/core/java/com/android/server/security/advancedprotection/features/DisallowCellular2GAdvancedProtectionHook.java
index b9c8d3dc5319..f51c25d6761c 100644
--- a/services/core/java/com/android/server/security/advancedprotection/features/DisallowCellular2GAdvancedProtectionHook.java
+++ b/services/core/java/com/android/server/security/advancedprotection/features/DisallowCellular2GAdvancedProtectionHook.java
@@ -24,9 +24,14 @@ import android.app.admin.DevicePolicyManager;
 import android.content.Context;
 import android.os.UserManager;
 import android.security.advancedprotection.AdvancedProtectionFeature;
+import android.telephony.SubscriptionInfo;
+import android.telephony.SubscriptionManager;
 import android.telephony.TelephonyManager;
 import android.util.Slog;
 
+import java.util.ArrayList;
+import java.util.List;
+
 /** @hide */
 public final class DisallowCellular2GAdvancedProtectionHook extends AdvancedProtectionHook {
     private static final String TAG = "AdvancedProtectionDisallowCellular2G";
@@ -35,11 +40,13 @@ public final class DisallowCellular2GAdvancedProtectionHook extends AdvancedProt
             new AdvancedProtectionFeature(FEATURE_ID_DISALLOW_CELLULAR_2G);
     private final DevicePolicyManager mDevicePolicyManager;
     private final TelephonyManager mTelephonyManager;
+    private final SubscriptionManager mSubscriptionManager;
 
     public DisallowCellular2GAdvancedProtectionHook(@NonNull Context context, boolean enabled) {
         super(context, enabled);
         mDevicePolicyManager = context.getSystemService(DevicePolicyManager.class);
         mTelephonyManager = context.getSystemService(TelephonyManager.class);
+        mSubscriptionManager = context.getSystemService(SubscriptionManager.class);
 
         setPolicy(enabled);
     }
@@ -50,14 +57,44 @@ public final class DisallowCellular2GAdvancedProtectionHook extends AdvancedProt
         return mFeature;
     }
 
+    private static boolean isEmbeddedSubscriptionVisible(SubscriptionInfo subInfo) {
+        if (subInfo.isEmbedded()
+                && (subInfo.getProfileClass() == SubscriptionManager.PROFILE_CLASS_PROVISIONING
+                        || (com.android.internal.telephony.flags.Flags.oemEnabledSatelliteFlag()
+                                && subInfo.isOnlyNonTerrestrialNetwork()))) {
+            return false;
+        }
+
+        return true;
+    }
+
+    private List<TelephonyManager> getActiveTelephonyManagers() {
+        List<TelephonyManager> telephonyManagers = new ArrayList<>();
+
+        for (SubscriptionInfo subInfo : mSubscriptionManager.getActiveSubscriptionInfoList()) {
+            if (isEmbeddedSubscriptionVisible(subInfo)) {
+                telephonyManagers.add(
+                        mTelephonyManager.createForSubscriptionId(subInfo.getSubscriptionId()));
+            }
+        }
+
+        return telephonyManagers;
+    }
+
     @Override
     public boolean isAvailable() {
-        return mTelephonyManager.isDataCapable();
+        for (TelephonyManager telephonyManager : getActiveTelephonyManagers()) {
+            if (telephonyManager.isDataCapable()
+                    && telephonyManager.isRadioInterfaceCapabilitySupported(
+                            mTelephonyManager.CAPABILITY_USES_ALLOWED_NETWORK_TYPES_BITMASK)) {
+                return true;
+            }
+        }
+
+        return false;
     }
 
     private void setPolicy(boolean enabled) {
-        Slog.i(TAG, "setPolicy called with " + enabled);
-
         if (enabled) {
             Slog.d(TAG, "Setting DISALLOW_CELLULAR_2G_GLOBALLY restriction");
             mDevicePolicyManager.addUserRestrictionGlobally(
@@ -75,12 +112,14 @@ public final class DisallowCellular2GAdvancedProtectionHook extends AdvancedProt
 
         // Leave 2G disabled even if APM is disabled.
         if (!enabled) {
-            long oldAllowedTypes =
-                    mTelephonyManager.getAllowedNetworkTypesForReason(
-                            TelephonyManager.ALLOWED_NETWORK_TYPES_REASON_ENABLE_2G);
-            long newAllowedTypes = oldAllowedTypes & ~TelephonyManager.NETWORK_CLASS_BITMASK_2G;
-            mTelephonyManager.setAllowedNetworkTypesForReason(
-                    TelephonyManager.ALLOWED_NETWORK_TYPES_REASON_ENABLE_2G, newAllowedTypes);
+            for (TelephonyManager telephonyManager : getActiveTelephonyManagers()) {
+                long oldAllowedTypes =
+                        telephonyManager.getAllowedNetworkTypesForReason(
+                                TelephonyManager.ALLOWED_NETWORK_TYPES_REASON_ENABLE_2G);
+                long newAllowedTypes = oldAllowedTypes & ~TelephonyManager.NETWORK_CLASS_BITMASK_2G;
+                telephonyManager.setAllowedNetworkTypesForReason(
+                        TelephonyManager.ALLOWED_NETWORK_TYPES_REASON_ENABLE_2G, newAllowedTypes);
+            }
         }
     }
 }
-- 
cgit v1.2.3-59-g8ed1b