Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 76ad235b052eb63e9ae2b472f4973f97bc86cebd
commit76ad235b052eb63e9ae2b472f4973f97bc86cebd[log] [tgz]
authorSongFerngWang <songferngwang@google.com>Wed May 05 21:33:00 2021 +0800
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>Wed Jun 30 05:29:50 2021 +0000
treefdd89c15b87d13460cce7e04019246a4d944981d
parent661a05dddbef9d77401ae3d7c8daee7b18d01d9a [diff]
[security] SubscriptionGroup is exposed to unprivileged callers

SubscriptionInfo.mGroupUUID is not cleared in
conditionallyRemoveIdentifiers if the caller only has READ_PHONE_STATE
(based on a check to checkReadPhoneState) and not READ_DEVICE_IDENTIFIERS.
Bug: 181053462
Test: atest SubscriptionManagerTest

Change-Id: Ic2b62523330dc6e2169ad851715c4ab3da3b29cf
Merged-In: Ic2b62523330dc6e2169ad851715c4ab3da3b29cf
(cherry picked from commit 121c969e22950cd966bb99b101c1e7e50084ae3c)
1 file changed
tree: fdd89c15b87d13460cce7e04019246a4d944981d
  1. .prebuilt_info/
  2. apct-tests/
  3. apex/
  4. api/
  5. cmds/
  6. config/
  7. core/
  8. data/
  9. docs/
  10. drm/
  11. errorprone/
  12. graphics/
  13. identity/
  14. keystore/
  15. libs/
  16. location/
  17. lowpan/
  18. media/
  19. mime/
  20. mms/
  21. native/
  22. nfc-extras/
  23. non-updatable-api/
  24. obex/
  25. opengl/
  26. packages/
  27. proto/
  28. rs/
  29. samples/
  30. sax/
  31. services/
  32. startop/
  33. telecomm/
  34. telephony/
  35. test-base/
  36. test-legacy/
  37. test-mock/
  38. test-runner/
  39. tests/
  40. tools/
  41. wifi/
  42. .clang-format
  43. .gitignore
  44. .mailmap
  45. Android.bp
  46. Android.mk
  47. ApiDocs.bp
  48. CleanSpec.mk
  49. framework-jarjar-rules.txt
  50. MODULE_LICENSE_APACHE2
  51. NOTICE
  52. pathmap.mk
  53. PREUPLOAD.cfg
  54. StubLibraries.bp
  55. TEST_MAPPING