Add checks for READ_PRIVILEGED_PHONE_STATE.
Callers will have either PRIVILEGED or regular READ_PHONE_STATE.
Bug: 22468536
Change-Id: I60251f61250a975f4147b027d2539824a728e3b5
diff --git a/src/com/android/server/telecom/TelecomServiceImpl.java b/src/com/android/server/telecom/TelecomServiceImpl.java
index 9c5e529..d0d9493 100644
--- a/src/com/android/server/telecom/TelecomServiceImpl.java
+++ b/src/com/android/server/telecom/TelecomServiceImpl.java
@@ -19,6 +19,7 @@
import static android.Manifest.permission.CALL_PHONE;
import static android.Manifest.permission.MODIFY_PHONE_STATE;
import static android.Manifest.permission.READ_PHONE_STATE;
+import static android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE;
import static android.Manifest.permission.REGISTER_SIM_SUBSCRIPTION;
import static android.Manifest.permission.WRITE_SECURE_SETTINGS;
@@ -1110,12 +1111,18 @@
return true;
}
- // Accessing phone state is gated by a special permission.
- mContext.enforceCallingOrSelfPermission(READ_PHONE_STATE, message);
+ try {
+ mContext.enforceCallingPermission(READ_PHONE_STATE, message);
+ // SKIP checking run-time OP_READ_PHONE_STATE since using PRIVILEGED
+ return true;
+ } catch (SecurityException e) {
+ // Accessing phone state is gated by a special permission.
+ mContext.enforceCallingOrSelfPermission(READ_PHONE_STATE, message);
- // Some apps that have the permission can be restricted via app ops.
- return mAppOpsManager.noteOp(AppOpsManager.OP_READ_PHONE_STATE,
- Binder.getCallingUid(), callingPackage) == AppOpsManager.MODE_ALLOWED;
+ // Some apps that have the permission can be restricted via app ops.
+ return mAppOpsManager.noteOp(AppOpsManager.OP_READ_PHONE_STATE,
+ Binder.getCallingUid(), callingPackage) == AppOpsManager.MODE_ALLOWED;
+ }
}
private boolean canCallPhone(String callingPackage, String message) {