Move TelephonyPermissions to TelephonyCommon
Test: built
Bug: 145554073
Change-Id: I3681043a197e6daeb16dcf506d672bdcf1fc8da8
diff --git a/telephony/java/com/android/internal/telephony/TelephonyPermissions.java b/telephony/common/com/android/internal/telephony/TelephonyPermissions.java
similarity index 91%
rename from telephony/java/com/android/internal/telephony/TelephonyPermissions.java
rename to telephony/common/com/android/internal/telephony/TelephonyPermissions.java
index 96ddf22..86630b0 100644
--- a/telephony/java/com/android/internal/telephony/TelephonyPermissions.java
+++ b/telephony/common/com/android/internal/telephony/TelephonyPermissions.java
@@ -156,6 +156,27 @@
return false;
}
+ /**
+ * Check whether the app with the given pid/uid can read phone state.
+ *
+ * <p>This method behaves in one of the following ways:
+ * <ul>
+ * <li>return true: if the caller has the READ_PRIVILEGED_PHONE_STATE permission, the
+ * READ_PHONE_STATE runtime permission, or carrier privileges on the given subId.
+ * <li>throw SecurityException: if the caller didn't declare any of these permissions, or, for
+ * apps which support runtime permissions, if the caller does not currently have any of
+ * these permissions.
+ * <li>return false: if the caller lacks all of these permissions and doesn't support runtime
+ * permissions. This implies that the user revoked the ability to read phone state
+ * manually (via AppOps). In this case we can't throw as it would break app compatibility,
+ * so we return false to indicate that the calling function should return dummy data.
+ * </ul>
+ *
+ * <p>Note: for simplicity, this method always returns false for callers using legacy
+ * permissions and who have had READ_PHONE_STATE revoked, even if they are carrier-privileged.
+ * Such apps should migrate to runtime permissions or stop requiring READ_PHONE_STATE on P+
+ * devices.
+ */
@VisibleForTesting
public static boolean checkReadPhoneState(
Context context, Supplier<ITelephony> telephonySupplier, int subId, int pid, int uid,
@@ -208,6 +229,20 @@
callingPackage, callingFeatureId, message);
}
+ /**
+ * Check whether the app with the given pid/uid can read phone state, or has carrier
+ * privileges on any active subscription.
+ *
+ * <p>If the app does not have carrier privilege, this method will return {@code false} instead
+ * of throwing a SecurityException. Therefore, the callers cannot tell the difference
+ * between M+ apps which declare the runtime permission but do not have it, and pre-M apps
+ * which declare the static permission but had access revoked via AppOps. Apps in the former
+ * category expect SecurityExceptions; apps in the latter don't. So this method is suitable for
+ * use only if the behavior in both scenarios is meant to be identical.
+ *
+ * @return {@code true} if the app can read phone state or has carrier privilege;
+ * {@code false} otherwise.
+ */
@VisibleForTesting
public static boolean checkReadPhoneStateOnAnyActiveSub(
Context context, Supplier<ITelephony> telephonySupplier, int pid, int uid,
@@ -453,6 +488,11 @@
context, TELEPHONY_SUPPLIER, subId, pid, uid, callingPackage, callingPackageName);
}
+ /**
+ * Check whether the app with the given pid/uid can read the call log.
+ * @return {@code true} if the specified app has the read call log permission and AppOpp granted
+ * to it, {@code false} otherwise.
+ */
@VisibleForTesting
public static boolean checkReadCallLog(
Context context, Supplier<ITelephony> telephonySupplier, int subId, int pid, int uid,
@@ -490,6 +530,12 @@
callingPackage, callingFeatureId, message);
}
+ /**
+ * Returns whether the caller can read phone numbers.
+ *
+ * <p>Besides apps with the ability to read phone state per {@link #checkReadPhoneState}, the
+ * default SMS app and apps with READ_SMS or READ_PHONE_NUMBERS can also read phone numbers.
+ */
@VisibleForTesting
public static boolean checkReadPhoneNumber(
Context context, Supplier<ITelephony> telephonySupplier, int subId, int pid, int uid,
@@ -529,10 +575,10 @@
} catch (SecurityException readPhoneNumberSecurityException) {
}
- throw new SecurityException(message + ": Neither user " + uid +
- " nor current process has " + android.Manifest.permission.READ_PHONE_STATE +
- ", " + android.Manifest.permission.READ_SMS + ", or " +
- android.Manifest.permission.READ_PHONE_NUMBERS);
+ throw new SecurityException(message + ": Neither user " + uid
+ + " nor current process has " + android.Manifest.permission.READ_PHONE_STATE
+ + ", " + android.Manifest.permission.READ_SMS + ", or "
+ + android.Manifest.permission.READ_PHONE_NUMBERS);
}
/**
@@ -543,8 +589,8 @@
*/
public static void enforceCallingOrSelfModifyPermissionOrCarrierPrivilege(
Context context, int subId, String message) {
- if (context.checkCallingOrSelfPermission(android.Manifest.permission.MODIFY_PHONE_STATE) ==
- PERMISSION_GRANTED) {
+ if (context.checkCallingOrSelfPermission(android.Manifest.permission.MODIFY_PHONE_STATE)
+ == PERMISSION_GRANTED) {
return;
}
@@ -586,8 +632,8 @@
}
if (DBG) {
- Rlog.d(LOG_TAG, "No READ_PRIVILEDED_PHONE_STATE permission, " +
- "check carrier privilege next.");
+ Rlog.d(LOG_TAG, "No READ_PRIVILEDED_PHONE_STATE permission, "
+ + "check carrier privilege next.");
}
enforceCallingOrSelfCarrierPrivilege(subId, message);
@@ -612,8 +658,8 @@
private static void enforceCarrierPrivilege(
Supplier<ITelephony> telephonySupplier, int subId, int uid, String message) {
- if (getCarrierPrivilegeStatus(telephonySupplier, subId, uid) !=
- TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS) {
+ if (getCarrierPrivilegeStatus(telephonySupplier, subId, uid)
+ != TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS) {
if (DBG) Rlog.e(LOG_TAG, "No Carrier Privilege.");
throw new SecurityException(message);
}