Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_services_Telephony / 616af9829c180a643ec9f86fb99ddc4a22a2bdcb^! / . / src / com / android / phone / CallFeaturesSetting.java
commit616af9829c180a643ec9f86fb99ddc4a22a2bdcb[log] [tgz]
authorGrant Menke <grantmenke@google.com>Wed Jun 12 11:47:52 2024 -0700
committerGrant Menke <grantmenke@google.com>Wed Jun 12 23:51:41 2024 +0000
treee04b172ef6747f813a8fd9f033d284615b87e930
parentebf8ead29dd66f2937edcd1bac80c77e400fc1b6 [diff] [blame]
Ensure access to mobile network configs is restricted.

This CL check if access to mobile network configurations are restricted before initializing and enabling CallFeaturesSetting, PhoneAccountSettingsActivity, and VoicemailSettingsActivity. This reolves a security vulnerability where users were able to configure the various  mobile network settings (Call, voicemail, phone accounts, FDN, etc.) even after the device owner had applied the no_config_mobile_networks restriction.

Fixes: 277589443
Test: Manual using the POC apks
Flag: com.android.internal.telephony.flags.ensure_access_to_call_settings_is_restricted
Change-Id: Id288879bfe9384472e3701e455c5ed607430a967

diff --git a/src/com/android/phone/CallFeaturesSetting.java b/src/com/android/phone/CallFeaturesSetting.java
index 145df41..1dfcde7 100644
--- a/src/com/android/phone/CallFeaturesSetting.java
+++ b/src/com/android/phone/CallFeaturesSetting.java

@@ -58,6 +58,7 @@
 import com.android.ims.ImsManager;
 import com.android.internal.telephony.Phone;
 import com.android.internal.telephony.PhoneConstants;
+import com.android.internal.telephony.flags.Flags;
 import com.android.phone.settings.PhoneAccountSettingsFragment;
 import com.android.phone.settings.SuppServicesUiUtil;
 import com.android.phone.settings.VoicemailSettingsActivity;
@@ -113,6 +114,7 @@
     private PreferenceScreen mVoicemailSettingsScreen;
     private SwitchPreference mEnableVideoCalling;
     private Preference mButtonWifiCalling;
+    private boolean mDisallowedConfig = false;
 
     /*
      * Click Listeners, handle click based on objects attached to UI.
@@ -263,6 +265,14 @@
             return;
         }
 
+        // Check if mobile network configs are restricted.
+        if (Flags.ensureAccessToCallSettingsIsRestricted() &&
+                userManager.hasUserRestriction(UserManager.DISALLOW_CONFIG_MOBILE_NETWORKS)) {
+            mDisallowedConfig = true;
+            Log.i(LOG_TAG, "Mobile network configs are restricted, disabling mobile network "
+                    + "settings");
+        }
+
         mSubscriptionInfoHelper = new SubscriptionInfoHelper(this, getIntent());
         mPhone = mSubscriptionInfoHelper.getPhone();
         mSubscriptionInfoHelper.setActionBarTitle(
@@ -467,7 +477,7 @@
         if (mImsMgr.isVtEnabledByPlatform() && mImsMgr.isVtProvisionedOnDevice()
                 && (carrierConfig.getBoolean(
                         CarrierConfigManager.KEY_IGNORE_DATA_ENABLED_CHANGED_FOR_VIDEO_CALLS)
-                || isDataEnabled)) {
+                || isDataEnabled) && !mDisallowedConfig) {
             boolean currentValue =
                     mImsMgr.isEnhanced4gLteModeSettingEnabledByUser()
                     ? mImsMgr.isVtEnabledByUser() : false;