Ensure access to multiple call settings is restricted.
This CL check if access to mobile network configurations are restricted before displaying the button to select CdmaCallForwardOptions, GsmUmtsCallForwardOptions, GsmUmtsAdditionalCallOptions, and GsmUmtsCallBarringOptions. This reolves a security vulnerability where users were able to configure these call settings mobile network setting even after the device owner had applied the no_config_mobile_networks restriction. This CL also prevents these classes from being exported and reverts a less thorough fix to this issue that had been previously applied.
Fixes: 277579183
Test: Manual using adb + POC malicous apk
Change-Id: I9b12cbf5d5b9a1356e7d06ae7583d6c5047db31c
diff --git a/src/com/android/phone/CallFeaturesSetting.java b/src/com/android/phone/CallFeaturesSetting.java
index 8129deb..145df41 100644
--- a/src/com/android/phone/CallFeaturesSetting.java
+++ b/src/com/android/phone/CallFeaturesSetting.java
@@ -263,14 +263,6 @@
return;
}
- // Make sure mobile network configurations are not restricted.
- if (userManager.hasUserRestriction(UserManager.DISALLOW_CONFIG_MOBILE_NETWORKS)) {
- Toast.makeText(this, R.string.call_settings_no_config_mobile_networks,
- Toast.LENGTH_SHORT).show();
- finish();
- return;
- }
-
mSubscriptionInfoHelper = new SubscriptionInfoHelper(this, getIntent());
mPhone = mSubscriptionInfoHelper.getPhone();
mSubscriptionInfoHelper.setActionBarTitle(
diff --git a/src/com/android/phone/CdmaCallOptions.java b/src/com/android/phone/CdmaCallOptions.java
index 6145870..e468c00 100644
--- a/src/com/android/phone/CdmaCallOptions.java
+++ b/src/com/android/phone/CdmaCallOptions.java
@@ -16,8 +16,10 @@
package com.android.phone;
+import android.content.Context;
import android.os.Bundle;
import android.os.PersistableBundle;
+import android.os.UserManager;
import android.preference.Preference;
import android.preference.PreferenceScreen;
import android.telephony.CarrierConfigManager;
@@ -78,9 +80,20 @@
buttonVoicePrivacy.setEnabled(false);
}
+ // If mobile network configs are restricted, then hide the mCallForwardingPref and
+ // mCallWaitingPref.
+ UserManager userManager = (UserManager) getSystemService(Context.USER_SERVICE);
+ boolean mobileNetworkConfigsRestricted =
+ userManager.hasUserRestriction(UserManager.DISALLOW_CONFIG_MOBILE_NETWORKS);
+ if (mobileNetworkConfigsRestricted) {
+ Log.i(LOG_TAG, "Mobile network configs are restricted, hiding CDMA call forwarding "
+ + "and CDMA call waiting options.");
+ }
+
mCallForwardingPref = getPreferenceScreen().findPreference(CALL_FORWARDING_KEY);
if (carrierConfig != null && carrierConfig.getBoolean(
- CarrierConfigManager.KEY_CALL_FORWARDING_VISIBILITY_BOOL)) {
+ CarrierConfigManager.KEY_CALL_FORWARDING_VISIBILITY_BOOL) &&
+ !mobileNetworkConfigsRestricted) {
mCallForwardingPref.setIntent(
subInfoHelper.getIntent(CdmaCallForwardOptions.class));
} else {
@@ -91,7 +104,8 @@
mCallWaitingPref = (CdmaCallWaitingPreference) getPreferenceScreen()
.findPreference(CALL_WAITING_KEY);
if (carrierConfig == null || !carrierConfig.getBoolean(
- CarrierConfigManager.KEY_ADDITIONAL_SETTINGS_CALL_WAITING_VISIBILITY_BOOL)) {
+ CarrierConfigManager.KEY_ADDITIONAL_SETTINGS_CALL_WAITING_VISIBILITY_BOOL) ||
+ mobileNetworkConfigsRestricted) {
getPreferenceScreen().removePreference(mCallWaitingPref);
mCallWaitingPref = null;
}
diff --git a/src/com/android/phone/GsmUmtsCallOptions.java b/src/com/android/phone/GsmUmtsCallOptions.java
index 51d1b66..8ff7ecc 100644
--- a/src/com/android/phone/GsmUmtsCallOptions.java
+++ b/src/com/android/phone/GsmUmtsCallOptions.java
@@ -16,13 +16,16 @@
package com.android.phone;
+import android.content.Context;
import android.os.Bundle;
import android.os.PersistableBundle;
+import android.os.UserManager;
import android.preference.Preference;
import android.preference.PreferenceActivity;
import android.preference.PreferenceScreen;
import android.provider.Settings;
import android.telephony.CarrierConfigManager;
+import android.util.Log;
import android.view.MenuItem;
import com.android.internal.telephony.PhoneConstants;
@@ -79,10 +82,22 @@
isAirplaneModeOff = PhoneGlobals.AIRPLANE_ON != airplaneMode;
}
+ // If mobile network configs are restricted, then hide the GsmUmtsCallForwardOptions,
+ // GsmUmtsAdditionalCallOptions, and GsmUmtsCallBarringOptions.
+ UserManager userManager = (UserManager) subInfoHelper.getPhone().getContext()
+ .getSystemService(Context.USER_SERVICE);
+ boolean mobileNetworkConfigsRestricted =
+ userManager.hasUserRestriction(UserManager.DISALLOW_CONFIG_MOBILE_NETWORKS);
+ if (mobileNetworkConfigsRestricted) {
+ Log.i(LOG_TAG, "Mobile network configs are restricted, hiding GSM call "
+ + "forwarding, additional call settings, and call options.");
+ }
+
Preference callForwardingPref = prefScreen.findPreference(CALL_FORWARDING_KEY);
if (callForwardingPref != null) {
if (b != null && b.getBoolean(
- CarrierConfigManager.KEY_CALL_FORWARDING_VISIBILITY_BOOL)) {
+ CarrierConfigManager.KEY_CALL_FORWARDING_VISIBILITY_BOOL) &&
+ !mobileNetworkConfigsRestricted) {
callForwardingPref.setIntent(
subInfoHelper.getIntent(GsmUmtsCallForwardOptions.class));
callForwardingPref.setEnabled(isAirplaneModeOff);
@@ -97,7 +112,8 @@
if (b != null && (b.getBoolean(
CarrierConfigManager.KEY_ADDITIONAL_SETTINGS_CALL_WAITING_VISIBILITY_BOOL)
|| b.getBoolean(
- CarrierConfigManager.KEY_ADDITIONAL_SETTINGS_CALLER_ID_VISIBILITY_BOOL))) {
+ CarrierConfigManager.KEY_ADDITIONAL_SETTINGS_CALLER_ID_VISIBILITY_BOOL)) &&
+ !mobileNetworkConfigsRestricted) {
additionalGsmSettingsPref.setIntent(
subInfoHelper.getIntent(GsmUmtsAdditionalCallOptions.class));
additionalGsmSettingsPref.setEnabled(isAirplaneModeOff);
@@ -108,7 +124,8 @@
Preference callBarringPref = prefScreen.findPreference(CALL_BARRING_KEY);
if (callBarringPref != null) {
- if (b != null && b.getBoolean(CarrierConfigManager.KEY_CALL_BARRING_VISIBILITY_BOOL)) {
+ if (b != null && b.getBoolean(CarrierConfigManager.KEY_CALL_BARRING_VISIBILITY_BOOL) &&
+ !mobileNetworkConfigsRestricted) {
callBarringPref.setIntent(subInfoHelper.getIntent(GsmUmtsCallBarringOptions.class));
callBarringPref.setEnabled(isAirplaneModeOff);
} else {
diff --git a/src/com/android/phone/settings/fdn/FdnSetting.java b/src/com/android/phone/settings/fdn/FdnSetting.java
index f561829..e347dec 100644
--- a/src/com/android/phone/settings/fdn/FdnSetting.java
+++ b/src/com/android/phone/settings/fdn/FdnSetting.java
@@ -508,15 +508,6 @@
protected void onCreate(Bundle icicle) {
super.onCreate(icicle);
- // Make sure mobile network configurations are not restricted.
- UserManager userManager = (UserManager) getSystemService(Context.USER_SERVICE);
- if (userManager.hasUserRestriction(UserManager.DISALLOW_CONFIG_MOBILE_NETWORKS)) {
- Toast.makeText(this, R.string.call_settings_no_config_mobile_networks,
- Toast.LENGTH_SHORT).show();
- finish();
- return;
- }
-
mSubscriptionInfoHelper = new SubscriptionInfoHelper(this, getIntent());
mPhone = mSubscriptionInfoHelper.getPhone();