Prevent any app except the LPA from creating a logical channel to the AID of ISD-R.

Bug: 33077154
Test: manual verification using LPA and  other app to open logical
      channel to ISD-R separately

Change-Id: I2779dbfd573338683665f9cc74b9b92f4e5db8c2
diff --git a/src/com/android/phone/PhoneInterfaceManager.java b/src/com/android/phone/PhoneInterfaceManager.java
index 0a1d073..f793a57 100644
--- a/src/com/android/phone/PhoneInterfaceManager.java
+++ b/src/com/android/phone/PhoneInterfaceManager.java
@@ -26,6 +26,7 @@
 import android.content.Context;
 import android.content.Intent;
 import android.content.SharedPreferences;
+import android.content.pm.ComponentInfo;
 import android.content.pm.PackageInfo;
 import android.content.pm.PackageManager;
 import android.net.NetworkStats;
@@ -96,6 +97,7 @@
 import com.android.internal.telephony.RIL;
 import com.android.internal.telephony.RILConstants;
 import com.android.internal.telephony.SubscriptionController;
+import com.android.internal.telephony.euicc.EuiccConnector;
 import com.android.internal.telephony.uicc.IccIoResult;
 import com.android.internal.telephony.uicc.IccUtils;
 import com.android.internal.telephony.uicc.SIMRecords;
@@ -193,6 +195,9 @@
     private static final String PREF_CARRIERS_NUMBER_PREFIX = "carrier_number_";
     private static final String PREF_CARRIERS_SUBSCRIBER_PREFIX = "carrier_subscriber_";
 
+    // The AID of ISD-R.
+    private static final String ISDR_AID = "A0000005591010FFFFFFFF8900000100";
+
     private NetworkScanRequestTracker mNetworkScanRequestTracker;
 
     /**
@@ -2397,12 +2402,25 @@
     }
 
     @Override
-    public IccOpenLogicalChannelResponse iccOpenLogicalChannel(int subId, String AID, int p2) {
+    public IccOpenLogicalChannelResponse iccOpenLogicalChannel(
+            int subId, String callingPackage, String aid, int p2) {
         enforceModifyPermissionOrCarrierPrivilege(subId);
 
-        if (DBG) log("iccOpenLogicalChannel: subId=" + subId + " aid=" + AID + " p2=" + p2);
+        if (TextUtils.equals(ISDR_AID, aid)) {
+            // Only allows LPA to open logical channel to ISD-R.
+            mAppOps.checkPackage(Binder.getCallingUid(), callingPackage);
+            ComponentInfo bestComponent =
+                    EuiccConnector.findBestComponent(mPhone.getContext().getPackageManager());
+            if (bestComponent == null
+                    || !TextUtils.equals(callingPackage, bestComponent.packageName)) {
+                loge("The calling package is not allowed to access ISD-R.");
+                throw new SecurityException("The calling package is not allowed to access ISD-R.");
+            }
+        }
+
+        if (DBG) log("iccOpenLogicalChannel: subId=" + subId + " aid=" + aid + " p2=" + p2);
         IccOpenLogicalChannelResponse response = (IccOpenLogicalChannelResponse)sendRequest(
-            CMD_OPEN_CHANNEL, new Pair<String, Integer>(AID, p2), subId);
+                CMD_OPEN_CHANNEL, new Pair<String, Integer>(aid, p2), subId);
         if (DBG) log("iccOpenLogicalChannel: " + response);
         return response;
     }
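Review bot: The ISD-R guard at `if (TextUtils.equals(ISDR_AID, aid))` is an exact, case-sensitive string match, so it only fires when the caller passes the byte-identical uppercase hex string; if the layers below accept hex in either case (not visible here), an AID that differs only in letter case would skip the LPA check. Comparing case-insensitively closes that, e.g. `if (ISDR_AID.equalsIgnoreCase(aid)) {`, which also returns false for a null `aid`. The denial is logged without identifying the caller, so `loge("ISD-R access denied for package " + callingPackage + ", uid " + Binder.getCallingUid());` would make rejected attempts attributable. Whether the other methods in this class that reach the card need the same restriction cannot be judged from this hunk.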