Make READ_PRIVILEGED/system allow callers to see all uicc card info
Fixes: 130826215
Test: manual
Change-Id: I9a3ad0328f56d369659c3e55bcd932b0b1346f27
Merged-In: I9a3ad0328f56d369659c3e55bcd932b0b1346f27
diff --git a/src/com/android/phone/PhoneInterfaceManager.java b/src/com/android/phone/PhoneInterfaceManager.java
index 46c2847..3b8ef64 100755
--- a/src/com/android/phone/PhoneInterfaceManager.java
+++ b/src/com/android/phone/PhoneInterfaceManager.java
@@ -6273,14 +6273,16 @@
@Override
public List<UiccCardInfo> getUiccCardsInfo(String callingPackage) {
+ boolean hasReadPermission = false;
try {
enforceReadPrivilegedPermission("getUiccCardsInfo");
+ hasReadPermission = true;
} catch (SecurityException e) {
// even without READ_PRIVILEGED_PHONE_STATE, we allow the call to continue if the caller
// has carrier privileges on an active UICC
if (checkCarrierPrivilegesForPackageAnyPhone(callingPackage)
!= TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS) {
- throw new SecurityException("Caller does not have carrier privileges on any UICC");
+ throw new SecurityException("Caller does not have permission.");
}
}
@@ -6288,27 +6290,30 @@
try {
UiccController uiccController = UiccController.getInstance();
ArrayList<UiccCardInfo> cardInfos = uiccController.getAllUiccCardInfos();
-
- ApplicationInfo ai = mApp.getPackageManager().getApplicationInfo(callingPackage, 0);
- if ((ai.flags & ApplicationInfo.FLAG_SYSTEM) == 0) {
- // Remove private info if the caller doesn't have access
- ArrayList<UiccCardInfo> filteredInfos = new ArrayList<>();
- for (UiccCardInfo cardInfo : cardInfos) {
- UiccCard card = uiccController.getUiccCard(cardInfo.getSlotIndex());
- UiccProfile profile = card.getUiccProfile();
- if (profile.getCarrierPrivilegeStatus(mApp.getPackageManager(), callingPackage)
- != TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS) {
- filteredInfos.add(cardInfo.getUnprivileged());
- } else {
- filteredInfos.add(cardInfo);
- }
- }
- return filteredInfos;
+ if (hasReadPermission) {
+ return cardInfos;
}
- return cardInfos;
- } catch (PackageManager.NameNotFoundException e) {
- // This should not happen since we pass the package info in from TelephonyManager
- throw new SecurityException("Invalid calling package.");
+
+ // Remove private info if the caller doesn't have access
+ ArrayList<UiccCardInfo> filteredInfos = new ArrayList<>();
+ for (UiccCardInfo cardInfo : cardInfos) {
+ // For an inactive eUICC, the UiccCard will be null even though the UiccCardInfo
+ // is available
+ UiccCard card = uiccController.getUiccCardForSlot(cardInfo.getSlotIndex());
+ if (card == null || card.getUiccProfile() == null) {
+ // assume no access if the card or profile is unavailable
+ filteredInfos.add(cardInfo.getUnprivileged());
+ continue;
+ }
+ UiccProfile profile = card.getUiccProfile();
+ if (profile.getCarrierPrivilegeStatus(mApp.getPackageManager(), callingPackage)
+ == TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS) {
+ filteredInfos.add(cardInfo);
+ } else {
+ filteredInfos.add(cardInfo.getUnprivileged());
+ }
+ }
+ return filteredInfos;
} finally {
Binder.restoreCallingIdentity(identity);
}