[security] SubscriptionGroup is exposed to unprivileged callers
SubscriptionInfo.mGroupUUID is not cleared in
conditionallyRemoveIdentifiers if the caller only has READ_PHONE_STATE
(based on a check to checkReadPhoneState) and not READ_DEVICE_IDENTIFIERS.
Bug: 181053462
Test: atest SubscriptionManagerTest
Change-Id: Ic2b62523330dc6e2169ad851715c4ab3da3b29cf
Merged-In: Ic2b62523330dc6e2169ad851715c4ab3da3b29cf
(cherry picked from commit 121c969e22950cd966bb99b101c1e7e50084ae3c)
diff --git a/telephony/java/android/telephony/SubscriptionInfo.java b/telephony/java/android/telephony/SubscriptionInfo.java
index 11667c8..8222eef 100644
--- a/telephony/java/android/telephony/SubscriptionInfo.java
+++ b/telephony/java/android/telephony/SubscriptionInfo.java
@@ -568,6 +568,13 @@
/**
* @hide
*/
+ public void clearGroupUuid() {
+ this.mGroupUUID = null;
+ }
+
+ /**
+ * @hide
+ */
public List<String> getEhplmns() {
return mEhplmns == null ? Collections.emptyList() : Arrays.asList(mEhplmns);
}