@EnforcePermission migrations - CarrierConfigLoader
Migrates call sites to use the @EnforcePermission annotation
instead of manually checking permissions.
These are fully behavior-preserving changes that can be identified by
Android Lint (see SimpleManualPermissionEnforcementDetector)
Bug: 265014041
Test: TH
Change-Id: I8e6b16477dc10dcf3caa925b3478058627ea1732
diff --git a/src/com/android/phone/CarrierConfigLoader.java b/src/com/android/phone/CarrierConfigLoader.java
index fa85f27..bc42a93 100644
--- a/src/com/android/phone/CarrierConfigLoader.java
+++ b/src/com/android/phone/CarrierConfigLoader.java
@@ -39,6 +39,7 @@
import android.os.IBinder;
import android.os.Looper;
import android.os.Message;
+import android.os.PermissionEnforcer;
import android.os.PersistableBundle;
import android.os.Process;
import android.os.RemoteException;
@@ -695,6 +696,7 @@
*/
@VisibleForTesting
/* package */ CarrierConfigLoader(@NonNull Context context, @NonNull Looper looper) {
+ super(PermissionEnforcer.fromContext(context));
mContext = context;
mPlatformCarrierConfigPackage =
mContext.getString(R.string.platform_carrier_config_package);
@@ -1408,11 +1410,11 @@
return configSubset;
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.MODIFY_PHONE_STATE)
@Override
public void overrideConfig(int subscriptionId, @Nullable PersistableBundle overrides,
boolean persistent) {
- mContext.enforceCallingOrSelfPermission(
- android.Manifest.permission.MODIFY_PHONE_STATE, null);
+ overrideConfig_enforcePermission();
int phoneId = SubscriptionManager.getPhoneId(subscriptionId);
if (!SubscriptionManager.isValidPhoneId(phoneId)) {
logd("Ignore invalid phoneId: " + phoneId + " for subId: " + subscriptionId);
@@ -1478,10 +1480,10 @@
updateConfigForPhoneId(phoneId);
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.MODIFY_PHONE_STATE)
@Override
public void updateConfigForPhoneId(int phoneId, @NonNull String simState) {
- mContext.enforceCallingOrSelfPermission(
- android.Manifest.permission.MODIFY_PHONE_STATE, null);
+ updateConfigForPhoneId_enforcePermission();
logdWithLocalLog("Update config for phoneId: " + phoneId + " simState: " + simState);
if (!SubscriptionManager.isValidPhoneId(phoneId)) {
throw new IllegalArgumentException("Invalid phoneId: " + phoneId);
@@ -1502,12 +1504,11 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE)
@Override
@NonNull
public String getDefaultCarrierServicePackageName() {
- mContext.enforceCallingOrSelfPermission(
- android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE,
- "getDefaultCarrierServicePackageName");
+ getDefaultCarrierServicePackageName_enforcePermission();
return mPlatformCarrierConfigPackage;
}
diff --git a/tests/Android.bp b/tests/Android.bp
index 08cac05..1f15b9b 100644
--- a/tests/Android.bp
+++ b/tests/Android.bp
@@ -38,6 +38,7 @@
instrumentation_for: "TeleService",
static_libs: [
+ "frameworks-base-testutils",
"androidx.test.core",
"androidx.test.espresso.core",
"androidx.test.ext.junit",
diff --git a/tests/src/com/android/phone/CarrierConfigLoaderTest.java b/tests/src/com/android/phone/CarrierConfigLoaderTest.java
index b6f8ed8..bd2e4f7 100644
--- a/tests/src/com/android/phone/CarrierConfigLoaderTest.java
+++ b/tests/src/com/android/phone/CarrierConfigLoaderTest.java
@@ -40,8 +40,10 @@
import android.os.Build;
import android.os.Handler;
import android.os.HandlerThread;
+import android.os.PermissionEnforcer;
import android.os.PersistableBundle;
import android.os.UserHandle;
+import android.os.test.FakePermissionEnforcer;
import android.service.carrier.CarrierIdentifier;
import android.telephony.CarrierConfigManager;
import android.telephony.SubscriptionManager;
@@ -97,10 +99,17 @@
private HandlerThread mHandlerThread;
private TestableLooper mTestableLooper;
+ // The AIDL stub will use PermissionEnforcer to check permission from the caller.
+ private FakePermissionEnforcer mFakePermissionEnforcer = new FakePermissionEnforcer();
+
@Before
public void setUp() throws Exception {
super.setUp();
MockitoAnnotations.initMocks(this);
+ doReturn(Context.PERMISSION_ENFORCER_SERVICE).when(mContext).getSystemServiceName(
+ eq(PermissionEnforcer.class));
+ doReturn(mFakePermissionEnforcer).when(mContext).getSystemService(
+ eq(Context.PERMISSION_ENFORCER_SERVICE));
replaceInstance(SubscriptionManagerService.class, "sInstance", null,
mSubscriptionManagerService);
@@ -142,6 +151,9 @@
@After
public void tearDown() throws Exception {
mContext.revokeAllPermissions();
+ mFakePermissionEnforcer.revoke(android.Manifest.permission.DUMP);
+ mFakePermissionEnforcer.revoke(android.Manifest.permission.MODIFY_PHONE_STATE);
+ mFakePermissionEnforcer.revoke(android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE);
mTestableLooper.destroy();
mHandlerThread.quit();
super.tearDown();
@@ -164,7 +176,7 @@
*/
@Test
public void testUpdateConfigForPhoneId_invalidPhoneId() throws Exception {
- mContext.grantPermission(STUB_PERMISSION_ENABLE_ALL);
+ mFakePermissionEnforcer.grant(android.Manifest.permission.MODIFY_PHONE_STATE);
assertThrows(IllegalArgumentException.class,
() -> mCarrierConfigLoader.updateConfigForPhoneId(
@@ -182,7 +194,7 @@
if (!SubscriptionManager.isValidPhoneId(SubscriptionManager.getPhoneId(DEFAULT_SUB_ID))) {
return;
}
- mContext.grantPermission(STUB_PERMISSION_ENABLE_ALL);
+ mFakePermissionEnforcer.grant(android.Manifest.permission.MODIFY_PHONE_STATE);
doNothing().when(mContext).sendBroadcastAsUser(any(Intent.class), any(UserHandle.class));
// Prepare a cached config to fetch from xml
@@ -215,7 +227,7 @@
if (!SubscriptionManager.isValidPhoneId(SubscriptionManager.getPhoneId(DEFAULT_SUB_ID))) {
return;
}
- mContext.grantPermission(STUB_PERMISSION_ENABLE_ALL);
+ mFakePermissionEnforcer.grant(android.Manifest.permission.MODIFY_PHONE_STATE);
// Prepare to make sure we can save the config into the XML file which used as cache
doReturn(PLATFORM_CARRIER_CONFIG_PACKAGE).when(mTelephonyManager)
@@ -252,7 +264,7 @@
*/
@Test
public void testOverrideConfig_invalidSubId() throws Exception {
- mContext.grantPermission(STUB_PERMISSION_ENABLE_ALL);
+ mFakePermissionEnforcer.grant(android.Manifest.permission.MODIFY_PHONE_STATE);
assertThrows(IllegalArgumentException.class, () -> mCarrierConfigLoader.overrideConfig(
SubscriptionManager.INVALID_SUBSCRIPTION_ID, new PersistableBundle(), false));
@@ -267,7 +279,7 @@
if (!SubscriptionManager.isValidPhoneId(SubscriptionManager.getPhoneId(DEFAULT_SUB_ID))) {
return;
}
- mContext.grantPermission(STUB_PERMISSION_ENABLE_ALL);
+ mFakePermissionEnforcer.grant(android.Manifest.permission.MODIFY_PHONE_STATE);
mCarrierConfigLoader.overrideConfig(DEFAULT_SUB_ID, null /*overrides*/,
false/*persistent*/);
@@ -288,7 +300,7 @@
if (!SubscriptionManager.isValidPhoneId(SubscriptionManager.getPhoneId(DEFAULT_SUB_ID))) {
return;
}
- mContext.grantPermission(STUB_PERMISSION_ENABLE_ALL);
+ mFakePermissionEnforcer.grant(android.Manifest.permission.MODIFY_PHONE_STATE);
PersistableBundle config = getTestConfig();
mCarrierConfigLoader.overrideConfig(DEFAULT_SUB_ID, config /*overrides*/,
@@ -308,7 +320,7 @@
*/
@Test
public void testNotifyConfigChangedForSubId_invalidSubId() throws Exception {
- mContext.grantPermission(STUB_PERMISSION_ENABLE_ALL);
+ mFakePermissionEnforcer.grant(STUB_PERMISSION_ENABLE_ALL);
assertThrows(IllegalArgumentException.class,
() -> mCarrierConfigLoader.notifyConfigChangedForSubId(
@@ -346,7 +358,7 @@
*/
@Test
public void testGetDefaultCarrierServicePackageName_withPermission() {
- mContext.grantPermission(STUB_PERMISSION_ENABLE_ALL);
+ mFakePermissionEnforcer.grant(android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE);
assertThat(mCarrierConfigLoader.getDefaultCarrierServicePackageName())
.isEqualTo(PLATFORM_CARRIER_CONFIG_PACKAGE);
@@ -417,7 +429,7 @@
@Test
public void testMultiSimConfigChanged() throws Exception {
replaceInstance(TelephonyManager.class, "sInstance", null, mTelephonyManager);
- mContext.grantPermission(STUB_PERMISSION_ENABLE_ALL);
+ mFakePermissionEnforcer.grant(android.Manifest.permission.MODIFY_PHONE_STATE);
// Changed from 1 to 2.
doReturn(2).when(mTelephonyManager).getActiveModemCount();