commit 7a8fba2e22f3a3ab23eeb839bfaa792f1d5ac5b0
author Chad Brubaker <cbrubaker@google.com> Thu Nov 10 11:23:18 2016 -0800
committer Chad Brubaker <cbrubaker@google.com> Mon Nov 14 10:37:41 2016 -0800
tree 112889399dbd9e04c5afb5dc3befdb251f306911
parent f660b355d825a19b41bcaa095c68b25e4c8d1c34

Add READ_PHONE_NUMBER permission

READ_PHONE_NUMBER allows only access to the phone number and not all the
other things that READ_PHONE_STATE allows access to. READ_PHONE_NUMBER
will be accessible to ephemeral apps while READ_PHONE_STATE will no
longer be.

Test: Verified that getLine1Number works with READ_PHONE_NUMBER from an
epemheral app
Test: cts-tradefed run cts -m CtsPermission2TestCases
Change-Id: If12017cadda1262726b557a393be7cff4004940c

src/com/android/phone/PhoneInterfaceManager.java

diff --git a/src/com/android/phone/PhoneInterfaceManager.java b/src/com/android/phone/PhoneInterfaceManager.java
index ac4510a..84dac1e 100644
--- a/src/com/android/phone/PhoneInterfaceManager.java
+++ b/src/com/android/phone/PhoneInterfaceManager.java
@@ -3017,22 +3017,41 @@
                 Binder.getCallingUid(), callingPackage) == AppOpsManager.MODE_ALLOWED) {
             return true;
         }
+
         try {
             return canReadPhoneState(callingPackage, message);
         } catch (SecurityException readPhoneStateSecurityException) {
-            try {
-                // Can be read with READ_SMS too.
-                mApp.enforceCallingOrSelfPermission(android.Manifest.permission.READ_SMS, message);
-                return mAppOps.noteOp(AppOpsManager.OP_READ_SMS,
-                        Binder.getCallingUid(), callingPackage) == AppOpsManager.MODE_ALLOWED;
-            } catch (SecurityException readSmsSecurityException) {
-                // Throw exception with message including both READ_PHONE_STATE and READ_SMS
-                // permissions
-                throw new SecurityException(message + ": Neither user " + Binder.getCallingUid() +
-                        " nor current process has " + android.Manifest.permission.READ_PHONE_STATE +
-                        " or " + android.Manifest.permission.READ_SMS + ".");
-            }
         }
+        // Can be read with READ_SMS too.
+        try {
+            mApp.enforceCallingOrSelfPermission(android.Manifest.permission.READ_SMS, message);
+            int opCode = mAppOps.permissionToOpCode(android.Manifest.permission.READ_SMS);
+            if (opCode != AppOpsManager.OP_NONE) {
+                return mAppOps.noteOp(opCode, Binder.getCallingUid(), callingPackage)
+                        == AppOpsManager.MODE_ALLOWED;
+            } else {
+                return true;
+            }
+        } catch (SecurityException readSmsSecurityException) {
+        }
+        // Can be read with READ_PHONE_NUMBER too.
+        try {
+            mApp.enforceCallingOrSelfPermission(android.Manifest.permission.READ_PHONE_NUMBER,
+                    message);
+            int opCode = mAppOps.permissionToOpCode(android.Manifest.permission.READ_PHONE_NUMBER);
+            if (opCode != AppOpsManager.OP_NONE) {
+                return mAppOps.noteOp(opCode, Binder.getCallingUid(), callingPackage)
+                        == AppOpsManager.MODE_ALLOWED;
+            } else {
+                return true;
+            }
+        } catch (SecurityException readPhoneNumberSecurityException) {
+        }
+
+        throw new SecurityException(message + ": Neither user " + Binder.getCallingUid() +
+                " nor current process has" + android.Manifest.permission.READ_PHONE_STATE +
+                ", " + android.Manifest.permission.READ_SMS + ", or " +
+                android.Manifest.permission.READ_PHONE_NUMBER);
     }
 
     @Override