commit 1adf4562e2990eff2d092ffb93d65594fe5c09a0
author Nazanin <nazaninb@google.com> Mon Mar 29 15:35:30 2021 -0700
committer Nazanin Bakhshi <nazaninb@google.com> Tue Apr 20 15:47:12 2021 +0000
tree 3801b4c6c419bede78b85f9bb9a7e9a9ad9b2088
parent 2d01a224c24225d308e0213888a2a113274f6016

Security fix: enforce read privilege permission to check package
privileges in PhoneInterfaceManager

Bug: 180938364
Test: cts
Change-Id: I03ae773fa76f2f23842eee0b7a9948ca474befc8

src/com/android/phone/TelephonyShellCommand.java

diff --git a/src/com/android/phone/TelephonyShellCommand.java b/src/com/android/phone/TelephonyShellCommand.java
index 8fc7e94..f5b6ad8 100644
--- a/src/com/android/phone/TelephonyShellCommand.java
+++ b/src/com/android/phone/TelephonyShellCommand.java
@@ -2295,6 +2295,7 @@
         String packageName = getNextArgRequired();
 
         boolean hasCarrierPrivileges;
+        final long token = Binder.clearCallingIdentity();
         try {
             hasCarrierPrivileges =
                     mInterface.checkCarrierPrivilegesForPackageAnyPhone(packageName)
@@ -2303,6 +2304,8 @@
             Log.w(LOG_TAG, HAS_CARRIER_PRIVILEGES_COMMAND + " exception", e);
             getErrPrintWriter().println("Exception: " + e.getMessage());
             return -1;
+        } finally {
+            Binder.restoreCallingIdentity(token);
         }
 
         getOutPrintWriter().println(hasCarrierPrivileges);