Merge "Require READ_PHONE_STATE for DO/PO dev ID access"
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index b289a3e..92daf08 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -51,6 +51,7 @@
import android.graphics.Bitmap;
import android.net.ProxyInfo;
import android.net.Uri;
+import android.os.Binder;
import android.os.Bundle;
import android.os.Parcelable;
import android.os.PersistableBundle;
@@ -5786,7 +5787,8 @@
}
if (mService != null) {
try {
- return mService.checkDeviceIdentifierAccess(packageName, userId);
+ return mService.checkDeviceIdentifierAccess(packageName, userId,
+ Binder.getCallingPid(), Binder.getCallingUid());
} catch (RemoteException re) {
throw re.rethrowFromSystemServer();
}
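Review bot: The pid and uid forwarded on the new lines are whatever `Binder.getCallingPid()`/`Binder.getCallingUid()` return at this point in the client process, which is the identity of the in-flight binder transaction when the manager is used from inside a system service handling a request, and this process's own identity otherwise; nothing in the method's Javadoc says which one a caller should expect. Suggest adding to the doc comment of checkDeviceIdentifierAccess (which starts outside this hunk): `The pid and uid that are checked are those of the current binder caller when invoked from within a transaction, otherwise those of this process.` Whether those values are honoured has to be decided on the service side, since any client can pass arbitrary ints here. The enclosing method begins and ends outside the hunk.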
diff --git a/core/java/android/app/admin/IDevicePolicyManager.aidl b/core/java/android/app/admin/IDevicePolicyManager.aidl
index cf0cad8..ce1f4ef 100644
--- a/core/java/android/app/admin/IDevicePolicyManager.aidl
+++ b/core/java/android/app/admin/IDevicePolicyManager.aidl
@@ -153,7 +153,7 @@
void clearProfileOwner(in ComponentName who);
boolean hasUserSetupCompleted();
- boolean checkDeviceIdentifierAccess(in String packageName, int userHandle);
+ boolean checkDeviceIdentifierAccess(in String packageName, int userHandle, int pid, int uid);
void setDeviceOwnerLockScreenInfo(in ComponentName who, CharSequence deviceOwnerInfo);
CharSequence getDeviceOwnerLockScreenInfo();
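Review bot: The new `pid` and `uid` parameters on checkDeviceIdentifierAccess are client-supplied, and the interface gives an implementer no hint that they must not be trusted as-is. A one-line comment above the declaration would make the contract visible to both sides, e.g. `// pid/uid of the app being checked; the service only honours values other than the caller's own identity for system callers.`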
diff --git a/core/java/android/os/Build.java b/core/java/android/os/Build.java
index 412a700..292543c 100644
--- a/core/java/android/os/Build.java
+++ b/core/java/android/os/Build.java
@@ -130,9 +130,9 @@
* <a href="/training/articles/security-key-attestation.html">key attestation</a> to obtain
* proof of the device's original identifiers.
*
- * <p>Requires Permission: READ_PRIVILEGED_PHONE_STATE or for the calling package to be the
- * device or profile owner. Profile owner access is deprecated and will be removed in a future
- * release.
+ * <p>Requires Permission: READ_PRIVILEGED_PHONE_STATE, or for the calling package to be the
+ * device or profile owner and have the READ_PHONE_STATE permission. Profile owner access is
+ * deprecated and will be removed in a future release.
*
* @return The serial number if specified.
*/
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java b/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
index b06be1a..2dbbf55 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
@@ -70,7 +70,8 @@
}
@Override
- public boolean checkDeviceIdentifierAccess(String packageName, int userHandle) {
+ public boolean checkDeviceIdentifierAccess(String packageName, int userHandle, int pid,
+ int uid) {
return false;
}
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 70cdba2..26ea152 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -7871,7 +7871,21 @@
}
@Override
- public boolean checkDeviceIdentifierAccess(String packageName, int userHandle) {
+ public boolean checkDeviceIdentifierAccess(String packageName, int userHandle, int pid,
+ int uid) {
+ // If the caller is not a system app then it should only be able to check its own device
+ // identifier access.
+ int callingAppId = UserHandle.getAppId(mInjector.binderGetCallingUid());
+ if (callingAppId >= Process.FIRST_APPLICATION_UID
+ && callingAppId != UserHandle.getAppId(uid)) {
+ return false;
+ }
+ // A device or profile owner must also have the READ_PHONE_STATE permission to access device
+ // identifiers. If the package being checked does not have this permission then deny access.
+ if (mContext.checkPermission(android.Manifest.permission.READ_PHONE_STATE, pid, uid)
+ != PackageManager.PERMISSION_GRANTED) {
+ return false;
+ }
// Allow access to the device owner.
ComponentName deviceOwner = getDeviceOwnerComponent(true);
if (deviceOwner != null && deviceOwner.getPackageName().equals(packageName)) {
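Review bot: The identity guard at the top of the new body compares only the app ID of `uid` against the binder caller and does not look at `pid` at all, yet both values are then handed to `mContext.checkPermission(...)` as if they were the caller's own, so for a non-system caller the permission decision can be made for a uid of the same package in another user, or for an unrelated pid, rather than for the process actually asking. Both values should be compared with the binder identity (pid via the injector, adding a `binderGetCallingPid()` accessor if the Injector does not already expose one) and any mismatch rejected; a `Slog.w` on that path would also make a bad request distinguishable in logs from an ordinary denial. Throwing SecurityException instead of returning false is the stricter option but changes what existing callers observe, so the fence below keeps the boolean contract. The method continues past the end of the hunk.
```java
    public boolean checkDeviceIdentifierAccess(String packageName, int userHandle, int pid,
            int uid) {
        // A non-system caller may only check its own identity. Both uid and pid must match the
        // binder caller; otherwise the permission check below would be evaluated for an identity
        // the caller does not hold.
        int callingUid = mInjector.binderGetCallingUid();
        int callingPid = mInjector.binderGetCallingPid();
        if (UserHandle.getAppId(callingUid) >= Process.FIRST_APPLICATION_UID
                && (callingUid != uid || callingPid != pid)) {
            return false;
        }
        // … unchanged: READ_PHONE_STATE check and device/profile owner lookup …
```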
diff --git a/telephony/java/android/telephony/TelephonyManager.java b/telephony/java/android/telephony/TelephonyManager.java
index c4a583e..62412e9 100644
--- a/telephony/java/android/telephony/TelephonyManager.java
+++ b/telephony/java/android/telephony/TelephonyManager.java
@@ -17,6 +17,7 @@
package android.telephony;
import static android.content.Context.TELECOM_SERVICE;
+
import static com.android.internal.util.Preconditions.checkNotNull;
import android.annotation.IntDef;
@@ -1310,11 +1311,11 @@
* Returns the unique device ID, for example, the IMEI for GSM and the MEID
* or ESN for CDMA phones. Return null if device ID is not available.
*
- * <p>Requires Permission: READ_PRIVILEGED_PHONE_STATE or for the calling package to be the
- * device or profile owner. The profile owner is an app that owns a managed profile on the
- * device; for more details see <a href="https://developer.android.com/work/managed-profiles">
- * Work profiles</a>. Profile owner access is deprecated and will be removed in a future
- * release.
+ * <p>Requires Permission: READ_PRIVILEGED_PHONE_STATE, or for the calling package to be the
+ * device or profile owner and have the READ_PHONE_STATE permission. The profile owner is an app
+ * that owns a managed profile on the device; for more details see <a
+ * href="https://developer.android.com/work/managed-profiles">Work profiles</a>. Profile owner
+ * access is deprecated and will be removed in a future release.
*
* @deprecated Use (@link getImei} which returns IMEI for GSM or (@link getMeid} which returns
* MEID for CDMA.
@@ -1339,11 +1340,11 @@
* Returns the unique device ID of a subscription, for example, the IMEI for
* GSM and the MEID for CDMA phones. Return null if device ID is not available.
*
- * <p>Requires Permission: READ_PRIVILEGED_PHONE_STATE or for the calling package to be the
- * device or profile owner. The profile owner is an app that owns a managed profile on the
- * device; for more details see <a href="https://developer.android.com/work/managed-profiles">
- * Work profiles</a>. Profile owner access is deprecated and will be removed in a future
- * release.
+ * <p>Requires Permission: READ_PRIVILEGED_PHONE_STATE, or for the calling package to be the
+ * device or profile owner and have the READ_PHONE_STATE permission. The profile owner is an app
+ * that owns a managed profile on the device; for more details see <a
+ * href="https://developer.android.com/work/managed-profiles">Work profiles</a>. Profile owner
+ * access is deprecated and will be removed in a future release.
*
* @param slotIndex of which deviceID is returned
*
@@ -1371,11 +1372,11 @@
* Returns the IMEI (International Mobile Equipment Identity). Return null if IMEI is not
* available.
*
- * <p>Requires Permission: READ_PRIVILEGED_PHONE_STATE or for the calling package to be the
- * device or profile owner. The profile owner is an app that owns a managed profile on the
- * device; for more details see <a href="https://developer.android.com/work/managed-profiles">
- * Work profiles</a>. Profile owner access is deprecated and will be removed in a future
- * release.
+ * <p>Requires Permission: READ_PRIVILEGED_PHONE_STATE, or for the calling package to be the
+ * device or profile owner and have the READ_PHONE_STATE permission. The profile owner is an app
+ * that owns a managed profile on the device; for more details see <a
+ * href="https://developer.android.com/work/managed-profiles">Work profiles</a>. Profile owner
+ * access is deprecated and will be removed in a future release.
*/
@SuppressAutoDoc // No support for device / profile owner.
@RequiresPermission(android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE)
@@ -1387,11 +1388,11 @@
* Returns the IMEI (International Mobile Equipment Identity). Return null if IMEI is not
* available.
*
- * <p>Requires Permission: READ_PRIVILEGED_PHONE_STATE or for the calling package to be the
- * device or profile owner. The profile owner is an app that owns a managed profile on the
- * device; for more details see <a href="https://developer.android.com/work/managed-profiles">
- * Work profiles</a>. Profile owner access is deprecated and will be removed in a future
- * release.
+ * <p>Requires Permission: READ_PRIVILEGED_PHONE_STATE, or for the calling package to be the
+ * device or profile owner and have the READ_PHONE_STATE permission. The profile owner is an app
+ * that owns a managed profile on the device; for more details see <a
+ * href="https://developer.android.com/work/managed-profiles">Work profiles</a>. Profile owner
+ * access is deprecated and will be removed in a future release.
*
* @param slotIndex of which IMEI is returned
*/
@@ -1440,11 +1441,11 @@
/**
* Returns the MEID (Mobile Equipment Identifier). Return null if MEID is not available.
*
- * <p>Requires Permission: READ_PRIVILEGED_PHONE_STATE or for the calling package to be the
- * device or profile owner. The profile owner is an app that owns a managed profile on the
- * device; for more details see <a href="https://developer.android.com/work/managed-profiles">
- * Work profiles</a>. Profile owner access is deprecated and will be removed in a future
- * release.
+ * <p>Requires Permission: READ_PRIVILEGED_PHONE_STATE, or for the calling package to be the
+ * device or profile owner and have the READ_PHONE_STATE permission. The profile owner is an app
+ * that owns a managed profile on the device; for more details see <a
+ * href="https://developer.android.com/work/managed-profiles">Work profiles</a>. Profile owner
+ * access is deprecated and will be removed in a future release.
*/
@SuppressAutoDoc // No support for device / profile owner.
@RequiresPermission(android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE)
@@ -1455,11 +1456,11 @@
/**
* Returns the MEID (Mobile Equipment Identifier). Return null if MEID is not available.
*
- * <p>Requires Permission: READ_PRIVILEGED_PHONE_STATE or for the calling package to be the
- * device or profile owner. The profile owner is an app that owns a managed profile on the
- * device; for more details see <a href="https://developer.android.com/work/managed-profiles">
- * Work profiles</a>. Profile owner access is deprecated and will be removed in a future
- * release.
+ * <p>Requires Permission: READ_PRIVILEGED_PHONE_STATE, or for the calling package to be the
+ * device or profile owner and have the READ_PHONE_STATE permission. The profile owner is an app
+ * that owns a managed profile on the device; for more details see <a
+ * href="https://developer.android.com/work/managed-profiles">Work profiles</a>. Profile owner
+ * access is deprecated and will be removed in a future release.
*
* @param slotIndex of which MEID is returned
*/
@@ -2955,11 +2956,11 @@
* unavailable.
*
* <p>Requires Permission: READ_PRIVILEGED_PHONE_STATE, for the calling app to be the device or
- * profile owner, or that the calling app has carrier privileges (see {@link
- * #hasCarrierPrivileges}). The profile owner is an app that owns a managed profile on the
- * device; for more details see <a href="https://developer.android.com/work/managed-profiles">
- * Work profiles</a>. Profile owner access is deprecated and will be removed in a future
- * release.
+ * profile owner and have the READ_PHONE_STATE permission, or that the calling app has carrier
+ * privileges (see {@link #hasCarrierPrivileges}). The profile owner is an app that owns a
+ * managed profile on the device; for more details see <a
+ * href="https://developer.android.com/work/managed-profiles">Work profiles</a>. Profile owner
+ * access is deprecated and will be removed in a future release.
*/
@SuppressAutoDoc // Blocked by b/72967236 - no support for carrier privileges
@RequiresPermission(android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE)
@@ -2972,11 +2973,11 @@
* unavailable.
*
* <p>Requires Permission: READ_PRIVILEGED_PHONE_STATE, for the calling app to be the device or
- * profile owner, or that the calling app has carrier privileges (see {@link
- * #hasCarrierPrivileges}). The profile owner is an app that owns a managed profile on the
- * device; for more details see <a href="https://developer.android.com/work/managed-profiles">
- * Work profiles</a>. Profile owner access is deprecated and will be removed in a future
- * release.
+ * profile owner and have the READ_PHONE_STATE permission, or that the calling app has carrier
+ * privileges (see {@link #hasCarrierPrivileges}). The profile owner is an app that owns a
+ * managed profile on the device; for more details see <a
+ * href="https://developer.android.com/work/managed-profiles">Work profiles</a>. Profile owner
+ * access is deprecated and will be removed in a future release.
*
* @param subId for which Sim Serial number is returned
* @hide
@@ -3117,11 +3118,11 @@
* Return null if it is unavailable.
*
* <p>Requires Permission: READ_PRIVILEGED_PHONE_STATE, for the calling app to be the device or
- * profile owner, or that the calling app has carrier privileges (see {@link
- * #hasCarrierPrivileges}). The profile owner is an app that owns a managed profile on the
- * device; for more details see <a href="https://developer.android.com/work/managed-profiles">
- * Work profiles</a>. Profile owner access is deprecated and will be removed in a future
- * release.
+ * profile owner and have the READ_PHONE_STATE permission, or that the calling app has carrier
+ * privileges (see {@link #hasCarrierPrivileges}). The profile owner is an app that owns a
+ * managed profile on the device; for more details see <a
+ * href="https://developer.android.com/work/managed-profiles">Work profiles</a>. Profile owner
+ * access is deprecated and will be removed in a future release.
*/
@SuppressAutoDoc // Blocked by b/72967236 - no support for carrier privileges
@RequiresPermission(android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE)
@@ -3135,11 +3136,11 @@
* Return null if it is unavailable.
*
* <p>Requires Permission: READ_PRIVILEGED_PHONE_STATE, for the calling app to be the device or
- * profile owner, or that the calling app has carrier privileges (see {@link
- * #hasCarrierPrivileges}). The profile owner is an app that owns a managed profile on the
- * device; for more details see <a href="https://developer.android.com/work/managed-profiles">
- * Work profiles</a>. Profile owner access is deprecated and will be removed in a future
- * release.
+ * profile owner and have the READ_PHONE_STATE permission, or that the calling app has carrier
+ * privileges (see {@link #hasCarrierPrivileges}). The profile owner is an app that owns a
+ * managed profile on the device; for more details see <a
+ * href="https://developer.android.com/work/managed-profiles">Work profiles</a>. Profile owner
+ * access is deprecated and will be removed in a future release.
*
* @param subId whose subscriber id is returned
* @hide