Check UID in getUiccCardsInfoSecurity
To avoid the case where a caller calls
PhoneInterfaceManager#getUiccCardsInfoSecurity using reflection and
supplies a calling package with privilege which isn't their own package,
we confirm that the calling package UID matches the supplied package.
Bug: 146570216
Test: atest com.android.phone.PhoneInterfaceManagerTest
Change-Id: Id08009f2feb281c20aaad55aa89faae66b709f88
diff --git a/src/com/android/phone/PhoneInterfaceManager.java b/src/com/android/phone/PhoneInterfaceManager.java
index 0e909a6..1b968a9 100755
--- a/src/com/android/phone/PhoneInterfaceManager.java
+++ b/src/com/android/phone/PhoneInterfaceManager.java
@@ -120,6 +120,7 @@
import com.android.ims.ImsManager;
import com.android.ims.internal.IImsServiceFeatureCallback;
+import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.telephony.CallForwardInfo;
import com.android.internal.telephony.CallManager;
import com.android.internal.telephony.CallStateException;
@@ -1617,7 +1618,8 @@
}
/** Private constructor; @see init() */
- private PhoneInterfaceManager(PhoneGlobals app) {
+ @VisibleForTesting
+ /* package */ PhoneInterfaceManager(PhoneGlobals app) {
mApp = app;
mCM = PhoneGlobals.getInstance().mCM;
mImsResolver = PhoneGlobals.getInstance().getImsResolver();
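Review bot: The Javadoc above the constructor still reads "Private constructor" although the new side makes it package-private, so the comment now misstates the access level. I would reword it to `/** Package-private for tests only; production code obtains the instance through init(). */`, assuming init() remains the sole production entry point, which is not visible in this hunk. `@VisibleForTesting` is a lint hint and is not enforced at runtime, so any class in com.android.phone can now construct this service and the comment is the only place that restriction is stated. The constructor body continues past the end of the hunk.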
@@ -7446,6 +7448,15 @@
@Override
public List<UiccCardInfo> getUiccCardsInfo(String callingPackage) {
+ try {
+ PackageManager pm = mApp.getPackageManager();
+ if (Binder.getCallingUid() != pm.getPackageUid(callingPackage, 0)) {
+ throw new SecurityException("Calling package " + callingPackage + " does not match "
+ + "calling UID");
+ }
+ } catch (PackageManager.NameNotFoundException e) {
+ throw new SecurityException("Invalid calling package. e=" + e);
+ }
boolean hasReadPermission = false;
try {
enforceReadPrivilegedPermission("getUiccCardsInfo");
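Review bot: The two SecurityException messages in the added check differ depending on whether `callingPackage` resolves, so a caller can tell an installed package from a missing one by the text it gets back; both branches should throw the same message, e.g. `throw new SecurityException("Calling package does not match calling UID");`, with the NameNotFoundException logged locally instead of appended via `"e=" + e`. Separately, `pm.getPackageUid(callingPackage, 0)` resolves the UID for the user that `mApp` runs as, so a legitimate caller in a secondary user or work profile would presumably fail the `!=` comparison. This is worth confirming with a multi-user test, and `AppOpsManager.checkPackage(Binder.getCallingUid(), callingPackage)` would do the same match against the caller's own user. The body of getUiccCardsInfo continues past the end of the hunk.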