Carrier Priviliged Apps Can't Use Security Reasons
Ensures that only apps that have the MODIFY_PHONE_STATE permission can
use security-based reasons for
TelephonyManager.setAllowedNetworkTypesForReason. Apps that only have
carrier privileges should not be able to override user or enterprise
security settings.
Test: atest android.telephony.cts.TelephonyManagerTest
Bug: 245322623
Change-Id: Ide63c4d479d44ec0604032d54462e954b36b3053
diff --git a/src/com/android/phone/PhoneInterfaceManager.java b/src/com/android/phone/PhoneInterfaceManager.java
old mode 100755
new mode 100644
index 837df86..1774182
--- a/src/com/android/phone/PhoneInterfaceManager.java
+++ b/src/com/android/phone/PhoneInterfaceManager.java
@@ -6503,6 +6503,17 @@
@TelephonyManager.NetworkTypeBitMask long allowedNetworkTypes) {
TelephonyPermissions.enforceCallingOrSelfModifyPermissionOrCarrierPrivilege(
mApp, subId, "setAllowedNetworkTypesForReason");
+ // If the caller only has carrier privileges, then they should not be able to override
+ // any network types which were set for security reasons.
+ if (mApp.checkCallingOrSelfPermission(Manifest.permission.MODIFY_PHONE_STATE)
+ != PERMISSION_GRANTED
+ && (reason == TelephonyManager.ALLOWED_NETWORK_TYPES_REASON_ENABLE_2G
+ || reason == TelephonyManager.ALLOWED_NETWORK_TYPES_REASON_USER_RESTRICTIONS)) {
+ throw new SecurityException(
+ "setAllowedNetworkTypesForReason cannot be called with carrier privileges for"
+ + " reason "
+ + reason);
+ }
if (!TelephonyManager.isValidAllowedNetworkTypesReason(reason)) {
loge("setAllowedNetworkTypesForReason: Invalid allowed network type reason: " + reason);
return false;