Do not report WiFi and Bluetooth MAC addresses - framework.
As a part of the new runtime permissions work we are limiting
the PII apps can access. BT and WiFi MAC addresses are PII and
based on our research there is no valid use case for app dev
to get these addresses aside of user tracking which we are
trying to limit.
bug:21078858
Change-Id: Ib48223b272c0fd4f5c36acc889d4f44df204b309
diff --git a/services/core/java/com/android/server/BluetoothManagerService.java b/services/core/java/com/android/server/BluetoothManagerService.java
index f5d27f9..c46fa76 100644
--- a/services/core/java/com/android/server/BluetoothManagerService.java
+++ b/services/core/java/com/android/server/BluetoothManagerService.java
@@ -16,6 +16,7 @@
package com.android.server;
+import android.Manifest;
import android.app.ActivityManager;
import android.bluetooth.BluetoothAdapter;
import android.bluetooth.BluetoothProfile;
@@ -909,16 +910,22 @@
mCallbacks.finishBroadcast();
}
}
+
public String getAddress() {
mContext.enforceCallingOrSelfPermission(BLUETOOTH_PERM,
- "Need BLUETOOTH permission");
+ "Need BLUETOOTH permission");
if ((Binder.getCallingUid() != Process.SYSTEM_UID) &&
- (!checkIfCallerIsForegroundUser())) {
+ (!checkIfCallerIsForegroundUser())) {
Log.w(TAG,"getAddress(): not allowed for non-active and non system user");
return null;
}
+ if (mContext.checkCallingOrSelfPermission(Manifest.permission.LOCAL_MAC_ADDRESS)
+ != PackageManager.PERMISSION_GRANTED) {
+ return BluetoothAdapter.DEFAULT_MAC_ADDRESS;
+ }
+
synchronized(mConnection) {
if (mBluetooth != null) {
try {