Add a blacklist for preinstalled carrier apps.
Allows an OEM to specify that a preinstalled carrier app, even if
TelephonyManager says it should have carrier privileges, does not
get granted the default permissions and does not get enabled when
a compatible SIM is inserted.
Bug: 138150105
Test: verified locally
Change-Id: I0afec28f1f18227947c1fe9e6bb5fd0dad3b5dac
diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml
index 4d6e7da..4b47e03 100644
--- a/core/res/res/values/config.xml
+++ b/core/res/res/values/config.xml
@@ -4267,6 +4267,10 @@
(default 2MB) -->
<integer name="config_notificationStripRemoteViewSizeBytes">2000000</integer>
+ <!-- Contains a blacklist of apps that should not get pre-installed carrier app permission
+ grants, even if the UICC claims that the app should be privileged. See b/138150105 -->
+ <string-array name="config_restrictedPreinstalledCarrierApps" translatable="false"/>
+
<!-- Sharesheet: define a max number of targets per application for new shortcuts-based direct share introduced in Q -->
<integer name="config_maxShortcutTargetsPerApp">3</integer>
diff --git a/core/res/res/values/symbols.xml b/core/res/res/values/symbols.xml
index a4a3863..66e3883 100644
--- a/core/res/res/values/symbols.xml
+++ b/core/res/res/values/symbols.xml
@@ -3835,6 +3835,7 @@
<java-symbol type="string" name="config_defaultSupervisionProfileOwnerComponent" />
<java-symbol type="bool" name="config_inflateSignalStrength" />
+ <java-symbol type="array" name="config_restrictedPreinstalledCarrierApps" />
<java-symbol type="drawable" name="android_logotype" />
<java-symbol type="layout" name="platlogo_layout" />
diff --git a/telephony/java/com/android/internal/telephony/CarrierAppUtils.java b/telephony/java/com/android/internal/telephony/CarrierAppUtils.java
index 6498e49..0d4fd0f 100644
--- a/telephony/java/com/android/internal/telephony/CarrierAppUtils.java
+++ b/telephony/java/com/android/internal/telephony/CarrierAppUtils.java
@@ -21,6 +21,7 @@
import android.content.pm.ApplicationInfo;
import android.content.pm.IPackageManager;
import android.content.pm.PackageManager;
+import android.content.res.Resources;
import android.os.RemoteException;
import android.permission.IPermissionManager;
import android.provider.Settings;
@@ -29,7 +30,9 @@
import android.util.ArraySet;
import android.util.Slog;
+import com.android.internal.R;
import com.android.internal.annotations.VisibleForTesting;
+import com.android.internal.util.ArrayUtils;
import com.android.server.SystemConfig;
import java.util.ArrayList;
@@ -143,9 +146,12 @@
try {
for (ApplicationInfo ai : candidates) {
String packageName = ai.packageName;
- boolean hasPrivileges = telephonyManager != null &&
- telephonyManager.checkCarrierPrivilegesForPackageAnyPhone(packageName) ==
- TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS;
+ String[] restrictedCarrierApps = Resources.getSystem().getStringArray(
+ R.array.config_restrictedPreinstalledCarrierApps);
+ boolean hasPrivileges = telephonyManager != null
+ && telephonyManager.checkCarrierPrivilegesForPackageAnyPhone(packageName)
+ == TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS
+ && !ArrayUtils.contains(restrictedCarrierApps, packageName);
// add hiddenUntilInstalled flag for carrier apps and associated apps
packageManager.setSystemAppHiddenUntilInstalled(packageName, true);