From a9e72a7653d25ae1974dac3f1156d126c807e40c Mon Sep 17 00:00:00 2001
From: Amit Mahajan
Date: Thu, 30 Jul 2015 16:04:13 -0700
Subject: [PATCH] Add OrSelf to privileged permission check.

Bug: 22857263
Change-Id: Ide7105dfd653e3c271330822fb8cee7cf620e35d
---
 .../java/com/android/server/TelephonyRegistry.java | 18 ++++++++++--------
 .../server/net/NetworkPolicyManagerService.java | 5 +++--
 2 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/services/core/java/com/android/server/TelephonyRegistry.java b/services/core/java/com/android/server/TelephonyRegistry.java
index a06bb3069d64..19a4851525a6 100644
--- a/services/core/java/com/android/server/TelephonyRegistry.java
+++ b/services/core/java/com/android/server/TelephonyRegistry.java
@@ -362,10 +362,10 @@ class TelephonyRegistry extends ITelephonyRegistry.Stub {
 }
 try {
- mContext.enforceCallingPermission(
+ mContext.enforceCallingOrSelfPermission(
 android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE,
 "addOnSubscriptionsChangedListener");
- // SKIP checking for run-time permission since obtained PRIVILEGED
+ // SKIP checking for run-time permission since caller or self has PRIVILEGED permission
 } catch (SecurityException e) {
 mContext.enforceCallingOrSelfPermission(
 android.Manifest.permission.READ_PHONE_STATE,
@@ -481,9 +481,10 @@ class TelephonyRegistry extends ITelephonyRegistry.Stub {
 if ((events & ENFORCE_PHONE_STATE_PERMISSION_MASK) != 0) {
 try {
- mContext.enforceCallingPermission(
+ mContext.enforceCallingOrSelfPermission(
 android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE, null);
- // SKIP checking for run-time permission since obtained PRIVILEGED
+ // SKIP checking for run-time permission since caller or self has PRIVILEGED
+ // permission
 } catch (SecurityException e) {
 if (mAppOps.noteOp(AppOpsManager.OP_READ_PHONE_STATE, Binder.getCallingUid(), callingPackage) != AppOpsManager.MODE_ALLOWED) {
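Review bot: The `OrSelf` variant in the `try` of the hunk at -362 also passes when the check is evaluated under this process's own identity, so the code should document that it has to run on the incoming binder call before any `Binder.clearCallingIdentity()`; otherwise a request relayed on behalf of an unprivileged app would skip the READ_PHONE_STATE fallback in the `catch`. No such path is visible in the hunk, so this is a caveat to record rather than a confirmed defect. I would extend the new comment to `// Caller or this process holds PRIVILEGED; keep this check ahead of any clearCallingIdentity()`. The same applies to the hunks at -481, -661 and -1589 and to `getNetworkPolicies` in NetworkPolicyManagerService.java. The enclosing method starts and ends outside the hunk.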
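Review bot: The privileged check in the `try` of the hunk at -481 uses a thrown `SecurityException` as ordinary control flow, so every caller without READ_PRIVILEGED_PHONE_STATE goes through an exception before reaching the `noteOp` fallback. `canReadPhoneState` in this same patch already uses the non-throwing form; here that would read `if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE) != PackageManager.PERMISSION_GRANTED) {` followed by the existing `noteOp` test. The hunks at -362 and -1589 and the one in `getNetworkPolicies` have the same shape. The enclosing method is not fully visible, so whatever the fallback branch does after the `noteOp` comparison would need to be carried over unchanged.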
@@ -661,10 +662,10 @@ class TelephonyRegistry extends ITelephonyRegistry.Stub {
 }
 private boolean canReadPhoneState(String callingPackage) {
- if (mContext.checkCallingPermission(
+ if (mContext.checkCallingOrSelfPermission(
 android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE) == PackageManager.PERMISSION_GRANTED) {
- // SKIP checking for run-time permission since obtained PRIVILEGED
+ // SKIP checking for run-time permission since caller or self has PRIVILEGED permission
 return true;
 }
 boolean canReadPhoneState = mContext.checkCallingOrSelfPermission(
@@ -1589,9 +1590,10 @@ class TelephonyRegistry extends ITelephonyRegistry.Stub {
 if ((events & ENFORCE_PHONE_STATE_PERMISSION_MASK) != 0) {
 try {
- mContext.enforceCallingPermission(
+ mContext.enforceCallingOrSelfPermission(
 android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE, null);
- // SKIP checking for run-time permission since obtained PRIVILEGED
+ // SKIP checking for run-time permission since caller or self has PRIVILEGED
+ // permission
 } catch (SecurityException e) {
 mContext.enforceCallingOrSelfPermission(
 android.Manifest.permission.READ_PHONE_STATE, null);
diff --git a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
index cd982d32d45d..46bda8ccfd89 100644
--- a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
+++ b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
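Review bot: `canReadPhoneState` has no doc comment, and after this change its first branch returns `true` without looking at `callingPackage` whenever the caller or this process holds READ_PRIVILEGED_PHONE_STATE. A short Javadoc would make that contract explicit, for example `/** Returns true if the caller, or this process, holds READ_PRIVILEGED_PHONE_STATE; callingPackage is not consulted in that case. */`. The rest of the method lies outside the hunk, so how `callingPackage` is used on the fallback path should be described from the full source rather than from this diff.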
@@ -1668,8 +1668,9 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
 public NetworkPolicy[] getNetworkPolicies(String callingPackage) {
 mContext.enforceCallingOrSelfPermission(MANAGE_NETWORK_POLICY, TAG);
 try {
- mContext.enforceCallingPermission(READ_PRIVILEGED_PHONE_STATE, TAG);
- // SKIP checking run-time OP_READ_PHONE_STATE since using PRIVILEGED
+ mContext.enforceCallingOrSelfPermission(READ_PRIVILEGED_PHONE_STATE, TAG);
+ // SKIP checking run-time OP_READ_PHONE_STATE since caller or self has PRIVILEGED
+ // permission
 } catch (SecurityException e) {
 mContext.enforceCallingOrSelfPermission(READ_PHONE_STATE, TAG);
--
2.11.0